Windows Analysis Report
file.exe

AV Detection

Source: file.exe

Avira: detected

Source: https://atten-supporse.biz/apiT7	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/G	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/0u	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api0	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/URDT	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/rD	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/h	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/5	Avira URL Cloud: Label: malware

Source: file.exe.5832.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["se-blurry.biz", "covery-mover.biz", "impend-differ.biz", "dare-curbys.biz", "formy-spill.biz", "zinc-sneark.biz", "atten-supporse.biz", "print-vexer.biz", "dwell-exclaim.biz"], "Build id": "LOGS11--LiveTraffic"}

Source: file.exe

ReversingLabs: Detection: 44%

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: file.exe

Joe Sandbox ML: detected

Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: impend-differ.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: print-vexer.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dare-curbys.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: covery-mover.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: formy-spill.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: zinc-sneark.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: se-blurry.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: atten-supporse.biz
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.1261925966.0000000005080000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Phishing

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Compliance

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49752 version: TLS 1.2

Networking

Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.7:60363 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49701 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49702 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49704 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49727 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49752 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49716 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49736 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49710 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49702 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49702 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49701 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49701 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49710 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49752 -> 172.67.165.166:443

Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 18:11:36 GMTContent-Type: application/octet-streamContent-Length: 2841088Last-Modified: Mon, 09 Dec 2024 17:57:35 GMTConnection: keep-aliveETag: "67572f8f-2b5a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 1d 0a 2c 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 77 65 63 6a 6f 6c 75 6f 00 00 2b 00 00 a0 00 00 00 fa 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 61 72 73 71 79 62 65 00 20 00 00 00 a0 2b 00 00 04 00 00 00 34 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 c0 2b 00 00 22 00 00 00 38 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View	IP Address: 172.67.165.166 172.67.165.166

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49702 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49727 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49752 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49716 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49736 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49710 -> 172.67.165.166:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.7:49758 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic

HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: file.exe, 00000000.00000003.1564712168.0000000001351000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: file.exe, 00000000.00000003.1564712168.0000000001351000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/5
Source: file.exe, 00000000.00000003.1564712168.0000000001351000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/rD
Source: file.exe, 00000000.00000003.1564669145.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exe
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.1503274096.000000000135D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1564712168.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_108.12.dr	String found in binary or memory: http://schema.org/Organization
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.1380835377.0000000005B8E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_108.12.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_108.12.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: file.exe, 00000000.00000003.1349790070.0000000005B49000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433563234.0000000001394000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1564669145.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.1503205298.0000000005B65000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433586152.0000000005B65000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/0u
Source: file.exe, 00000000.00000003.1433465886.0000000001391000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433563234.0000000001394000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/G
Source: file.exe, 00000000.00000003.1380076016.0000000005B41000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1405886291.0000000005B41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/URDT
Source: file.exe, 00000000.00000003.1438680258.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1504244504.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1564712168.0000000001367000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1451561328.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1379954586.0000000005B50000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1451327690.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503274096.0000000001368000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1380510872.0000000005B56000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.1451327690.0000000001386000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api0
Source: file.exe, 00000000.00000003.1564712168.0000000001367000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503274096.0000000001368000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiT7
Source: file.exe, 00000000.00000003.1438680258.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/h
Source: file.exe, 00000000.00000003.1438680258.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1504244504.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1451561328.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1451327690.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433465886.0000000001391000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1433563234.0000000001394000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/w
Source: chromecache_108.12.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_108.12.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: file.exe, 00000000.00000003.1405886291.0000000005B41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: file.exe, 00000000.00000003.1405886291.0000000005B41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_108.12.dr	String found in binary or memory: https://github.com/nschonni
Source: file.exe, 00000000.00000003.1405886291.0000000005B41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: chromecache_108.12.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_100.12.dr	String found in binary or memory: https://schema.org
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_100.12.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.1317156056.0000000005B8F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317416404.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317318266.0000000005B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_88.12.dr, chromecache_100.12.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1382092108.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.166:443 -> 192.168.2.7:49752 version: TLS 1.2

System Summary

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: file.exe, 00000000.00000003.1557931553.0000000005FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555976196.00000000060B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564539999.0000000005BFE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555145183.000000000617A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554366005.00000000060A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564841769.000000000610E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556454438.0000000005FE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555632948.00000000060BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1572303924.0000000006152000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570442240.000000000613B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1566356097.0000000005FF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1572978519.00000000062BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1557626435.0000000005FF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570589552.0000000005FE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555242687.0000000005FEE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559735463.0000000005FE6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1561257579.0000000006211000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568055211.0000000005FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1569478942.000000000612E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570158032.0000000006137000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552928745.0000000005FE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553424382.0000000005FE6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558089140.00000000060DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1571739975.0000000006148000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556573788.00000000060C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552304281.000000000611A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1566166477.000000000611E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1563823839.0000000006217000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1562387923.0000000006110000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570016504.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553356544.000000000614E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1551349594.0000000005C47000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1571885910.00000000062AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559944139.00000000060EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564380432.0000000006106000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570909505.0000000005FE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555050711.00000000060A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1563324005.0000000006101000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558226360.00000000061E0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553271457.0000000006098000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553603947.000000000614C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1557117301.00000000060C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564515825.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1567850782.000000000612E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552777941.0000000005FED000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554569885.00000000060A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554839561.00000000060A3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556094638.000000000619B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1571558087.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1572531872.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1565131719.000000000623B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1569159892.000000000626E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552862807.0000000006094000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1565833640.0000000005FF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1550575699.0000000005DE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559234506.0000000005FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554161913.00000000060A6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1569764366.000000000627D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1569010055.0000000006122000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555433258.00000000061A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568596116.0000000006112000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558540035.00000000060EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1560177908.00000000061FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555338771.00000000060C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1551424924.0000000005FF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556941095.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1572757364.000000000614E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559533968.00000000061EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1551948735.0000000005C43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559418766.00000000060E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1571300212.000000000629C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556192104.0000000005FEC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1550673926.0000000005C43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555872255.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1550854267.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568746518.0000000006255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568338014.000000000625F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1566567597.000000000611A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1559057222.00000000061F0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564021501.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558367291.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1557285122.00000000061A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556333455.00000000060C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552056055.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553183932.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558847929.00000000060E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552551583.000000000608B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568456992.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1551076100.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564692128.0000000001371000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1566761863.0000000006251000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1573128863.0000000005FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570733945.0000000006138000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1560740430.00000000060FA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1557787375.00000000060D3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553888839.0000000005FEE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564579756.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1555534619.0000000005FE6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568868156.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1560425371.0000000005FE6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1556787248.00000000061AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1562668768.0000000005FE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554682765.0000000005FE5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564669145.000000000137E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1568193756.000000000611C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1569312756.0000000005FE3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1558694923.0000000005FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1562149078.0000000005FF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554462745.0000000005FE9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554956078.0000000005FE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552667678.000000000612D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1571053544.0000000006138000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552192282.0000000006075000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1550972836.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1572033174.0000000005FEE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553011122.0000000006082000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553515144.0000000006092000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1564712168.0000000001351000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1552422253.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1554270618.0000000005FEC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1567091953.0000000005FEF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1570299895.0000000005FEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000003.1553093342.000000000612E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9975197339965398
Source: file.exe	Static PE information: Section: jfeabjai ZLIB complexity 0.9945178456194959

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/64@9/5

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.1318299749.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1317835969.0000000005B7A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1350474912.0000000005B7E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1350374206.0000000005B8B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 44%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1944,i,12398090769683283580,15883976292217934783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1916,i,5027301421968509795,4579798897625562281,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1944,i,12398090769683283580,15883976292217934783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1916,i,5027301421968509795,4579798897625562281,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.shell.servicehostbuilder.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mlang.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: policymanager.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp110_win.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wkscli.dll			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 1850368 > 1048576

Source: file.exe

Static PE information: Raw size of jfeabjai is bigger than: 0x100000 < 0x19ba00

Data Obfuscation

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c715d should be: 0x1c3f3c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jfeabjai
Source: file.exe	Static PE information: section name: yvvmwhay
Source: file.exe	Static PE information: section name: .taggant

Source: file.exe	Static PE information: section name: entropy: 7.976935103595703
Source: file.exe	Static PE information: section name: jfeabjai entropy: 7.9534405912733055

Boot Survival

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3090EC second address: 3090F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3090F0 second address: 3090F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3090F9 second address: 3090FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E5D7 second address: 46E5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E5DB second address: 46E5E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E5E1 second address: 46E5E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E5E5 second address: 46E5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482CB3 second address: 482CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482E19 second address: 482E33 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5280E897AEh 0x00000008 push eax 0x00000009 pop eax 0x0000000a jg 00007F5280E897A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F5280E897A6h 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 483248 second address: 48324E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48324E second address: 48328A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5280E897A6h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007F5280E897ADh 0x00000014 jmp 00007F5280E897B7h 0x00000019 pop edx 0x0000001a jne 00007F5280E897B2h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48328A second address: 483290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 483290 second address: 483294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4833D4 second address: 4833D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48655A second address: 486595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F5280E897ABh 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnp 00007F5280E897AAh 0x00000015 push esi 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pop esi 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5280E897B8h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486595 second address: 48659A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48659A second address: 4865AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F5280E897A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4865AF second address: 4865B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486638 second address: 4866A1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5280E897ACh 0x00000008 jnl 00007F5280E897A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F5280E897A8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1DF3h], edx 0x00000033 push 00000000h 0x00000035 jc 00007F5280E897AEh 0x0000003b push esi 0x0000003c mov dword ptr [ebp+122D208Bh], eax 0x00000042 pop ecx 0x00000043 call 00007F5280E897A9h 0x00000048 jmp 00007F5280E897AFh 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push ebx 0x00000051 push edi 0x00000052 pop edi 0x00000053 pop ebx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4866A1 second address: 4866C2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5280DFF512h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4866C2 second address: 4867BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F5280E897A8h 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F5280E897AFh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push ebx 0x0000001c push edx 0x0000001d jmp 00007F5280E897B4h 0x00000022 pop edx 0x00000023 pop ebx 0x00000024 pop eax 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F5280E897A8h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 00000019h 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f push 00000003h 0x00000041 call 00007F5280E897B2h 0x00000046 sbb esi, 735B8301h 0x0000004c pop edx 0x0000004d push 00000000h 0x0000004f mov dword ptr [ebp+122D3512h], esi 0x00000055 mov dword ptr [ebp+122D180Eh], ecx 0x0000005b push 00000003h 0x0000005d sub edx, 0E9F92D9h 0x00000063 push A649A1ABh 0x00000068 jne 00007F5280E897B6h 0x0000006e add dword ptr [esp], 19B65E55h 0x00000075 jmp 00007F5280E897B5h 0x0000007a lea ebx, dword ptr [ebp+1245148Ah] 0x00000080 mov si, cx 0x00000083 xchg eax, ebx 0x00000084 pushad 0x00000085 jc 00007F5280E897BAh 0x0000008b jmp 00007F5280E897B4h 0x00000090 push eax 0x00000091 push edx 0x00000092 ja 00007F5280E897A6h 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4867BE second address: 4867C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48683A second address: 486840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486840 second address: 4868C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5280DFF50Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 4D83BB08h 0x00000014 movzx edi, cx 0x00000017 push 00000003h 0x00000019 jmp 00007F5280DFF519h 0x0000001e push 00000000h 0x00000020 call 00007F5280DFF517h 0x00000025 jnl 00007F5280DFF50Ch 0x0000002b pop edi 0x0000002c push 00000003h 0x0000002e push edx 0x0000002f push ecx 0x00000030 mov edx, edi 0x00000032 pop esi 0x00000033 pop edx 0x00000034 push 405D5188h 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F5280DFF50Fh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4868C2 second address: 4868C8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4868C8 second address: 4868DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280DFF513h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4868DF second address: 486928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 7FA2AE78h 0x0000000f pushad 0x00000010 mov dx, 6B64h 0x00000014 stc 0x00000015 popad 0x00000016 lea ebx, dword ptr [ebp+12451493h] 0x0000001c clc 0x0000001d xchg eax, ebx 0x0000001e jng 00007F5280E897AAh 0x00000024 push esi 0x00000025 push eax 0x00000026 pop eax 0x00000027 pop esi 0x00000028 push eax 0x00000029 pushad 0x0000002a jmp 00007F5280E897B7h 0x0000002f push eax 0x00000030 push edx 0x00000031 jnp 00007F5280E897A6h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486976 second address: 486985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5280DFF506h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486985 second address: 486989 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486989 second address: 486A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c xor di, 59B2h 0x00000011 push 6A7D5A41h 0x00000016 jmp 00007F5280DFF514h 0x0000001b xor dword ptr [esp], 6A7D5AC1h 0x00000022 jno 00007F5280DFF51Eh 0x00000028 push 00000003h 0x0000002a cld 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e push edi 0x0000002f mov dword ptr [ebp+122D3125h], eax 0x00000035 pop edx 0x00000036 pop esi 0x00000037 push 00000003h 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007F5280DFF508h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000016h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 mov cx, di 0x00000056 push ecx 0x00000057 and dx, 00E0h 0x0000005c pop esi 0x0000005d call 00007F5280DFF509h 0x00000062 push eax 0x00000063 push edx 0x00000064 jno 00007F5280DFF50Ch 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486A28 second address: 486A2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486A2E second address: 486A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486A32 second address: 486A84 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jno 00007F5280E897AEh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push ecx 0x00000018 pushad 0x00000019 jmp 00007F5280E897B3h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 pop ecx 0x00000022 mov eax, dword ptr [eax] 0x00000024 jmp 00007F5280E897AAh 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d je 00007F5280E897BCh 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486A84 second address: 486A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486A88 second address: 486ACB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov edi, dword ptr [ebp+122D2094h] 0x00000010 lea ebx, dword ptr [ebp+1245149Eh] 0x00000016 or dword ptr [ebp+122D208Bh], eax 0x0000001c xchg eax, ebx 0x0000001d pushad 0x0000001e jmp 00007F5280E897B8h 0x00000023 push eax 0x00000024 push edx 0x00000025 jp 00007F5280E897A6h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486ACB second address: 486AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jmp 00007F5280DFF50Ah 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7AF1 second address: 4A7B01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897AAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7B01 second address: 4A7B52 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5280DFF51Ah 0x00000008 jmp 00007F5280DFF50Eh 0x0000000d jc 00007F5280DFF506h 0x00000013 jmp 00007F5280DFF517h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jng 00007F5280DFF516h 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 jmp 00007F5280DFF50Eh 0x00000029 push ebx 0x0000002a pushad 0x0000002b popad 0x0000002c pop ebx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7B52 second address: 4A7B70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007F5280E897A6h 0x0000000d jmp 00007F5280E897ADh 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A59D6 second address: 4A59F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F5280DFF506h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A59F1 second address: 4A5A13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F5280E897A6h 0x00000010 jmp 00007F5280E897B2h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5B88 second address: 4A5BD4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F5280DFF515h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c jng 00007F5280DFF53Ah 0x00000012 push ebx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 jmp 00007F5280DFF516h 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5280DFF50Ch 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5D1A second address: 4A5D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5D1E second address: 4A5D24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5E5F second address: 4A5E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5280E897A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5E6F second address: 4A5E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280DFF519h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6000 second address: 4A6005 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6005 second address: 4A6029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5280DFF506h 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jnl 00007F5280DFF520h 0x00000013 jno 00007F5280DFF50Eh 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A62B2 second address: 4A62E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F5280E897B8h 0x0000000f popad 0x00000010 jmp 00007F5280E897B2h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6733 second address: 4A6737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6737 second address: 4A674B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A674B second address: 4A6750 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6750 second address: 4A6771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F5280E897B5h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6771 second address: 4A6775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A68B7 second address: 4A68CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5280E897AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7336 second address: 4A733C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7470 second address: 4A7478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A7478 second address: 4A7499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5280DFF517h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ADB63 second address: 4ADB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AECC7 second address: 4AECCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2A39 second address: 4B2A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2EA6 second address: 4B2EC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF516h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2EC2 second address: 4B2EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3195 second address: 4B31A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B32F6 second address: 4B32FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B345B second address: 4B3463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B68CC second address: 4B68E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5280E897B1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6A29 second address: 4B6A2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6DC4 second address: 4B6DE4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5280E897B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B790F second address: 4B7913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7913 second address: 4B792A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7AF5 second address: 4B7AFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7AFC second address: 4B7B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F5280E897A8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D3618h], eax 0x0000002a mov si, bx 0x0000002d xchg eax, ebx 0x0000002e jns 00007F5280E897AEh 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jmp 00007F5280E897ADh 0x0000003d jbe 00007F5280E897A6h 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B800D second address: 4B80C5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5280DFF508h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b call 00007F5280DFF515h 0x00000010 mov dword ptr [ebp+1246BC7Bh], ebx 0x00000016 pop edi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F5280DFF508h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 0000001Bh 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 xor edi, dword ptr [ebp+122D2B3Ah] 0x00000039 sub dword ptr [ebp+122D238Ah], edi 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push edi 0x00000044 call 00007F5280DFF508h 0x00000049 pop edi 0x0000004a mov dword ptr [esp+04h], edi 0x0000004e add dword ptr [esp+04h], 0000001Ch 0x00000056 inc edi 0x00000057 push edi 0x00000058 ret 0x00000059 pop edi 0x0000005a ret 0x0000005b js 00007F5280DFF518h 0x00000061 jmp 00007F5280DFF512h 0x00000066 xchg eax, ebx 0x00000067 jmp 00007F5280DFF512h 0x0000006c push eax 0x0000006d pushad 0x0000006e ja 00007F5280DFF508h 0x00000074 push esi 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8A83 second address: 4B8A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 push eax 0x00000007 je 00007F5280E897B8h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8A94 second address: 4B8A98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8A98 second address: 4B8B0A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F5280E897A8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D2E4Fh], edx 0x0000002b push 00000000h 0x0000002d jno 00007F5280E897ACh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F5280E897A8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+122D35EAh] 0x00000055 or dword ptr [ebp+122D1DF3h], ecx 0x0000005b xchg eax, ebx 0x0000005c pushad 0x0000005d push ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47534D second address: 475353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B934F second address: 4B9353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 475353 second address: 47535D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9353 second address: 4B9376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F5280E897B3h 0x0000000c jmp 00007F5280E897ADh 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47535D second address: 475364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9376 second address: 4B9380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F5280E897A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBCB8 second address: 4BBCDE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F5280DFF515h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f js 00007F5280DFF506h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBA91 second address: 4BBA95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBCDE second address: 4BBCE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F5280DFF506h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBCE8 second address: 4BBCEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBCEC second address: 4BBD7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F5280DFF508h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 mov esi, dword ptr [ebp+1244DBD9h] 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F5280DFF508h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 00000014h 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 jmp 00007F5280DFF512h 0x0000004c xchg eax, ebx 0x0000004d pushad 0x0000004e push edi 0x0000004f jp 00007F5280DFF506h 0x00000055 pop edi 0x00000056 push eax 0x00000057 pushad 0x00000058 popad 0x00000059 pop eax 0x0000005a popad 0x0000005b push eax 0x0000005c push ecx 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007F5280DFF517h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD1FB second address: 4BD282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F5280E897A8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F5280E897A8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 push 00000000h 0x00000042 mov esi, dword ptr [ebp+122D365Ch] 0x00000048 pushad 0x00000049 jmp 00007F5280E897B4h 0x0000004e popad 0x0000004f xchg eax, ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 ja 00007F5280E897A6h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD282 second address: 4BD297 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF511h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD297 second address: 4BD29D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDD97 second address: 4BDD9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDD9F second address: 4BDDCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov esi, dword ptr [ebp+122D29BAh] 0x0000000f push 00000000h 0x00000011 mov edi, 43FB6D31h 0x00000016 push 00000000h 0x00000018 jne 00007F5280E897A6h 0x0000001e xchg eax, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 js 00007F5280E897ACh 0x00000027 jne 00007F5280E897A6h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDDCC second address: 4BDDE3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5280DFF508h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F5280DFF506h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDDE3 second address: 4BDDE9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDDE9 second address: 4BDDEE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BDB1E second address: 4BDB28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F5280E897A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE7AD second address: 4BE858 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F5280DFF508h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edi 0x00000014 push eax 0x00000015 jmp 00007F5280DFF519h 0x0000001a pop eax 0x0000001b pop edi 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 call 00007F5280DFF508h 0x00000025 pop edx 0x00000026 mov dword ptr [esp+04h], edx 0x0000002a add dword ptr [esp+04h], 0000001Bh 0x00000032 inc edx 0x00000033 push edx 0x00000034 ret 0x00000035 pop edx 0x00000036 ret 0x00000037 jp 00007F5280DFF50Ch 0x0000003d mov dword ptr [ebp+122D1D54h], edx 0x00000043 push 00000000h 0x00000045 jo 00007F5280DFF50Ch 0x0000004b mov esi, dword ptr [ebp+122D2A6Ah] 0x00000051 push 00000000h 0x00000053 push 00000000h 0x00000055 push edx 0x00000056 call 00007F5280DFF508h 0x0000005b pop edx 0x0000005c mov dword ptr [esp+04h], edx 0x00000060 add dword ptr [esp+04h], 00000014h 0x00000068 inc edx 0x00000069 push edx 0x0000006a ret 0x0000006b pop edx 0x0000006c ret 0x0000006d xor edi, 3DC0EBEBh 0x00000073 xchg eax, ebx 0x00000074 push eax 0x00000075 push edx 0x00000076 jnc 00007F5280DFF50Ch 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE57A second address: 4BE584 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE858 second address: 4BE87E instructions: 0x00000000 rdtsc 0x00000002 je 00007F5280DFF510h 0x00000008 jmp 00007F5280DFF50Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 js 00007F5280DFF508h 0x00000017 push edx 0x00000018 pop edx 0x00000019 je 00007F5280DFF50Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C24AC second address: 4C24B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C24B0 second address: 4C24B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C359F second address: 4C35A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3784 second address: 4C3788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C56F7 second address: 4C5728 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a nop 0x0000000b mov bx, CE6Ah 0x0000000f push 00000000h 0x00000011 pushad 0x00000012 mov edx, dword ptr [ebp+122D334Bh] 0x00000018 clc 0x00000019 popad 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jng 00007F5280E897A6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3846 second address: 4C384C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C673D second address: 4C6754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C87E9 second address: 4C87ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C87ED second address: 4C87F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C87F1 second address: 4C8863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F5280DFF508h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 jns 00007F5280DFF508h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F5280DFF508h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 xor dword ptr [ebp+122D1DCBh], edi 0x0000004c mov ebx, 7CA8EFB0h 0x00000051 push 00000000h 0x00000053 pushad 0x00000054 add ch, 00000000h 0x00000057 popad 0x00000058 push eax 0x00000059 jnl 00007F5280DFF510h 0x0000005f pushad 0x00000060 push ebx 0x00000061 pop ebx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C97A7 second address: 4C97AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C97AD second address: 4C97B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C89DD second address: 4C89EC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C89EC second address: 4C89F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C97B1 second address: 4C981D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F5280E897A8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov dword ptr [ebp+1244AF9Ch], edx 0x0000002f push 00000000h 0x00000031 add dword ptr [ebp+122D1C53h], eax 0x00000037 mov ebx, 651D0FFDh 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push ecx 0x00000041 call 00007F5280E897A8h 0x00000046 pop ecx 0x00000047 mov dword ptr [esp+04h], ecx 0x0000004b add dword ptr [esp+04h], 00000015h 0x00000053 inc ecx 0x00000054 push ecx 0x00000055 ret 0x00000056 pop ecx 0x00000057 ret 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b jl 00007F5280E897ACh 0x00000061 je 00007F5280E897A6h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C89F0 second address: 4C89F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C981D second address: 4C9822 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C89F4 second address: 4C89FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C89FA second address: 4C8A00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8A00 second address: 4C8A04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8A04 second address: 4C8A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 movzx ebx, bx 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F5280E897A8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d xor dword ptr [ebp+122D355Bh], edi 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a mov di, F1AAh 0x0000003e mov eax, dword ptr [ebp+122D0C8Dh] 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007F5280E897A8h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 0000001Ah 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e mov ebx, 6A510C21h 0x00000063 add edi, dword ptr [ebp+122D322Ch] 0x00000069 push FFFFFFFFh 0x0000006b push eax 0x0000006c js 00007F5280E897B4h 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 pop eax 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8A85 second address: 4C8A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA77C second address: 4CA780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA780 second address: 4CA786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA786 second address: 4CA78B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA78B second address: 4CA7E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F5280DFF50Ch 0x0000000f jmp 00007F5280DFF50Dh 0x00000014 pop edi 0x00000015 mov dword ptr [ebp+12450DD9h], edi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F5280DFF508h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 push 00000000h 0x00000039 mov di, 9615h 0x0000003d push eax 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA7E4 second address: 4CA7E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA7E8 second address: 4CA7EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB81A second address: 4CB82B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB82B second address: 4CB82F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB82F second address: 4CB83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD79E second address: 4CD81F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5280DFF518h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F5280DFF508h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+1244ADF4h], eax 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F5280DFF508h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov ebx, dword ptr [ebp+122D2BAEh] 0x00000050 push 00000000h 0x00000052 jmp 00007F5280DFF512h 0x00000057 xchg eax, esi 0x00000058 push ebx 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD81F second address: 4CD840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280E897B4h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD840 second address: 4CD844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD844 second address: 4CD84E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA97D second address: 4CA98F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5280DFF508h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA98F second address: 4CA993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CBA09 second address: 4CBA0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9936 second address: 4C993B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C993B second address: 4C9949 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9949 second address: 4C994D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC9B6 second address: 4CC9C0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5280DFF50Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC9C0 second address: 4CC9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF6DB second address: 4CF6E5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5280DFF50Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF6E5 second address: 4CF72B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 add edi, 69126011h 0x0000000d push 00000000h 0x0000000f mov dword ptr [ebp+122D36EAh], edx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F5280E897A8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 jnc 00007F5280E897A6h 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF72B second address: 4CF730 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD99C second address: 4CD9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5280E897A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD9A7 second address: 4CDA4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF516h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5280DFF511h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F5280DFF508h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov di, 1FC1h 0x0000002e push dword ptr fs:[00000000h] 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F5280DFF508h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000018h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f mov dword ptr fs:[00000000h], esp 0x00000056 mov eax, dword ptr [ebp+122D06B5h] 0x0000005c jmp 00007F5280DFF517h 0x00000061 push FFFFFFFFh 0x00000063 mov ebx, edx 0x00000065 nop 0x00000066 pushad 0x00000067 push ecx 0x00000068 pushad 0x00000069 popad 0x0000006a pop ecx 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE81F second address: 4CE823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE823 second address: 4CE829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D080C second address: 4D0811 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE829 second address: 4CE83F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE83F second address: 4CE849 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D0811 second address: 4D0858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F5280DFF50Fh 0x0000000d nop 0x0000000e sub dword ptr [ebp+122D1B50h], eax 0x00000014 mov bh, dh 0x00000016 push 00000000h 0x00000018 jne 00007F5280DFF512h 0x0000001e jp 00007F5280DFF50Ch 0x00000024 push 00000000h 0x00000026 mov edi, dword ptr [ebp+122D1D87h] 0x0000002c push eax 0x0000002d jo 00007F5280DFF514h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE849 second address: 4CE8EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F5280E897A8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 jmp 00007F5280E897B8h 0x00000029 push dword ptr fs:[00000000h] 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F5280E897A8h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov dword ptr fs:[00000000h], esp 0x00000051 push esi 0x00000052 mov ebx, dword ptr [ebp+122D2B56h] 0x00000058 pop ebx 0x00000059 mov eax, dword ptr [ebp+122D0291h] 0x0000005f mov dword ptr [ebp+122D180Eh], edi 0x00000065 push FFFFFFFFh 0x00000067 clc 0x00000068 mov edi, dword ptr [ebp+122D295Eh] 0x0000006e nop 0x0000006f pushad 0x00000070 push ebx 0x00000071 pushad 0x00000072 popad 0x00000073 pop ebx 0x00000074 push eax 0x00000075 push edx 0x00000076 pushad 0x00000077 popad 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE8EF second address: 4CE909 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F5280DFF514h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF92F second address: 4CF933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D09B5 second address: 4D0A41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5280DFF514h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e add dword ptr [ebp+124739F6h], edi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007F5280DFF508h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F5280DFF508h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 cmc 0x00000057 mov eax, dword ptr [ebp+122D0289h] 0x0000005d adc ebx, 5555A9D3h 0x00000063 push FFFFFFFFh 0x00000065 mov ebx, dword ptr [ebp+122D2B0Eh] 0x0000006b push eax 0x0000006c jo 00007F5280DFF51Dh 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D0A41 second address: 4D0A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D3A1E second address: 4D3A37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF515h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D7D44 second address: 4D7D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5280E897A6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jnl 00007F5280E897A6h 0x00000016 ja 00007F5280E897A6h 0x0000001c jmp 00007F5280E897B3h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D7520 second address: 4D7527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D7527 second address: 4D7531 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5280E897ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D7655 second address: 4D765D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D765D second address: 4D7663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD0FF second address: 4DD109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5280DFF506h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD109 second address: 4DD128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD128 second address: 4DD14B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF514h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD14B second address: 4DD165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD24C second address: 4DD250 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3F7B second address: 4E3F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5280E897A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E345B second address: 4E345F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E345F second address: 4E3473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F5280E897A6h 0x0000000e je 00007F5280E897A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4738BF second address: 4738D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280DFF50Ah 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3718 second address: 4E373D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5280E897A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F5280E897AEh 0x00000012 push ebx 0x00000013 jne 00007F5280E897AEh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E373D second address: 4E374B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jng 00007F5280DFF506h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3CC3 second address: 4E3CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3CC7 second address: 4E3CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E867B second address: 4E8685 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5280E897A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8685 second address: 4E8695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 js 00007F5280DFF506h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B53EE second address: 4B53F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5665 second address: 4B566B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B566B second address: 4B5679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007F5280E897A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B57CA second address: 4B57D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B57D0 second address: 4B57D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5B49 second address: 4B5B73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F5280DFF506h 0x00000009 jmp 00007F5280DFF510h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F5280DFF50Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B636B second address: 4B6370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6370 second address: 4B637A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5280DFF50Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6408 second address: 4B6421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d js 00007F5280E897A6h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6421 second address: 4B6446 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov cl, 03h 0x0000000c lea eax, dword ptr [ebp+1247FF74h] 0x00000012 mov dword ptr [ebp+122D3431h], ebx 0x00000018 nop 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6446 second address: 4B644A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B644A second address: 4B6450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6450 second address: 4B6471 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5280E897B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F035B second address: 4F035F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F035F second address: 4F037A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B1h 0x00000007 jo 00007F5280E897A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF001 second address: 4EF005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF332 second address: 4EF33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5280E897A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF49A second address: 4EF4B3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5280DFF506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F5280DFF50Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF4B3 second address: 4EF4CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280E897B0h 0x00000009 popad 0x0000000a popad 0x0000000b push esi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF7A6 second address: 4EF7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF934 second address: 4EF938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF938 second address: 4EF93C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFA6D second address: 4EFA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFC02 second address: 4EFC16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280DFF510h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFC16 second address: 4EFC31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897AFh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jc 00007F5280E897A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F01F5 second address: 4F020D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5280DFF512h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1D53 second address: 4F1D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F57BD second address: 4F57E1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5280DFF508h 0x00000008 jp 00007F5280DFF508h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jo 00007F5280DFF51Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 jnl 00007F5280DFF506h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8C73 second address: 4F8C94 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5280E897A6h 0x00000008 jmp 00007F5280E897B7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8C94 second address: 4F8CAC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5280DFF50Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F5280DFF506h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD165 second address: 4FD169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD169 second address: 4FD175 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5280DFF506h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD2E7 second address: 4FD304 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD77B second address: 4FD783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD8D3 second address: 4FD8D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDB8A second address: 4FDB8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDB8E second address: 4FDB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDE57 second address: 4FDE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDE5D second address: 4FDE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F5280E897AEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDE70 second address: 4FDE78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D7A second address: 500D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D7E second address: 500D82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50388E second address: 503892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503892 second address: 503896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035B7 second address: 5035BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035BD second address: 5035D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jng 00007F5280DFF506h 0x0000000c jc 00007F5280DFF506h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035D0 second address: 5035D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035D7 second address: 5035E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5280DFF506h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035E6 second address: 5035EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5035EA second address: 5035F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 508492 second address: 50849E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F5280E897A6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50772A second address: 50773F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F5280DFF510h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507CE3 second address: 507CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007F5280E897A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507CF0 second address: 507D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnp 00007F5280DFF506h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507D05 second address: 507D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5280E897B2h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507D20 second address: 507D2A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5280DFF506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507D2A second address: 507D42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897B2h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 508011 second address: 508019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CC8B second address: 50CCC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5280E897A6h 0x0000000a jmp 00007F5280E897B0h 0x0000000f popad 0x00000010 jp 00007F5280E897BBh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CCC1 second address: 50CCDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F5280DFF506h 0x00000009 js 00007F5280DFF506h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 jnp 00007F5280DFF50Eh 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CCDD second address: 50CCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5280E897B3h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CCF8 second address: 50CCFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CCFD second address: 50CD03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CD03 second address: 50CD0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CD0E second address: 50CD12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CE33 second address: 50CE39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CE39 second address: 50CE40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D138 second address: 50D14E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF510h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D14E second address: 50D176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ADh 0x00000007 pushad 0x00000008 jmp 00007F5280E897B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D176 second address: 50D17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B5F81 second address: 4B5F9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5280E897B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D2C5 second address: 50D2E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F5280DFF517h 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510882 second address: 5108A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F5280E897B5h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476F2C second address: 476F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476F30 second address: 476F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F5280E897C7h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007F5280E897B3h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476F55 second address: 476F59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51750A second address: 51750E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517D9A second address: 517D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518613 second address: 518617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518C01 second address: 518C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518C07 second address: 518C45 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F5280E897A6h 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5280E897B6h 0x0000001b jmp 00007F5280E897B2h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518F30 second address: 518F3A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D377 second address: 51D3A8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5280E897ACh 0x00000008 jmp 00007F5280E897B3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jno 00007F5280E897B2h 0x00000015 jg 00007F5280E897ACh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D522 second address: 51D528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D528 second address: 51D52E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D68F second address: 51D696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D94A second address: 51D94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D94E second address: 51D952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D952 second address: 51D97D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280E897B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5280E897AFh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DABF second address: 51DAC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DC2A second address: 51DC31 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DC31 second address: 51DC65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F5280DFF513h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 jo 00007F5280DFF512h 0x0000001e jg 00007F5280DFF506h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DC65 second address: 51DC69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A799 second address: 52A79D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A79D second address: 52A7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jne 00007F5280E897A6h 0x00000013 popad 0x00000014 jmp 00007F5280E897AAh 0x00000019 pushad 0x0000001a jmp 00007F5280E897B7h 0x0000001f jne 00007F5280E897A6h 0x00000025 jo 00007F5280E897A6h 0x0000002b push eax 0x0000002c pop eax 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A7E6 second address: 52A7EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 528F03 second address: 528F10 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnc 00007F5280E897A6h 0x00000009 pop edx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52931F second address: 529323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529323 second address: 529347 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007F5280E897A6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F5280E897AAh 0x00000018 popad 0x00000019 popad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529347 second address: 52934D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52934D second address: 529361 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F5280E897ABh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529361 second address: 529367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529367 second address: 52938E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5280E897A6h 0x0000000a jmp 00007F5280E897B6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52938E second address: 529392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529646 second address: 52965C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F5280E897B2h 0x0000000e jnc 00007F5280E897A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52965C second address: 529660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52979C second address: 5297A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5297A0 second address: 5297C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F5280DFF50Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530112 second address: 530137 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F5280E897B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5280E897ABh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530137 second address: 530143 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5280DFF506h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 530143 second address: 53014B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53014B second address: 53014F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5330F3 second address: 5330F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5330F8 second address: 533128 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F5280DFF506h 0x00000009 push esi 0x0000000a pop esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push ecx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jbe 00007F5280DFF506h 0x00000019 pop ecx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 pushad 0x00000022 popad 0x00000023 pop esi 0x00000024 jne 00007F5280DFF50Ch 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533284 second address: 533288 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533288 second address: 53328E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53328E second address: 5332A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F5280E897A6h 0x0000000a jmp 00007F5280E897AEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5332A6 second address: 5332BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F5280DFF50Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5332BD second address: 5332C7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5280E897A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540972 second address: 540976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546758 second address: 54675E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54675E second address: 546766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546766 second address: 54676C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54676C second address: 546776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546776 second address: 54679F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5280E897B4h 0x0000000b popad 0x0000000c jl 00007F5280E897B2h 0x00000012 jg 00007F5280E897A6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54679F second address: 5467A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5467A7 second address: 5467AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5467AD second address: 5467B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 553ADC second address: 553AE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555197 second address: 5551AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280DFF511h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5551AC second address: 5551B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5551B0 second address: 5551B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55AC58 second address: 55AC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F5280E897A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55ADDC second address: 55ADE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55ADE0 second address: 55AE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F5280E897A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F5280E897B4h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 jmp 00007F5280E897B1h 0x0000001a push eax 0x0000001b push edx 0x0000001c jns 00007F5280E897A6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55B0A5 second address: 55B0AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55B232 second address: 55B259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5280E897ABh 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55B259 second address: 55B26E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5280DFF50Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55B553 second address: 55B558 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C09E second address: 55C0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C0A3 second address: 55C0AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C0AA second address: 55C0C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F5280DFF50Ah 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C0C0 second address: 55C0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C0C6 second address: 55C0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 560B40 second address: 560B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5280E897A6h 0x0000000a je 00007F5280E897A6h 0x00000010 popad 0x00000011 push eax 0x00000012 push esi 0x00000013 pop esi 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 560B55 second address: 560B5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 560B5A second address: 560B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56CA7C second address: 56CA9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280DFF513h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56CA9A second address: 56CAA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5280E897A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56CAA6 second address: 56CAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5280DFF506h 0x0000000a popad 0x0000000b jne 00007F5280DFF508h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56CAB9 second address: 56CAC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F5280E897A6h 0x0000000a jno 00007F5280E897A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57C3A1 second address: 57C3A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57C1FF second address: 57C205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57C205 second address: 57C20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57F06B second address: 57F079 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F5280E897A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5815CB second address: 5815CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5815CF second address: 5815D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5815D5 second address: 5815DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591DE8 second address: 591DEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591DEC second address: 591DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5970C8 second address: 5970CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5970CC second address: 5970DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5970DA second address: 5970E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59725F second address: 59726D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007F5280DFF506h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59726D second address: 59727B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5280E897AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5973D8 second address: 5973E4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5280DFF50Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5973E4 second address: 5973EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5973EC second address: 5973F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597560 second address: 59757C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F5280E897B6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59757C second address: 597584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597584 second address: 597588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597B0F second address: 597B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597B14 second address: 597B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597B1A second address: 597B1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5998AC second address: 5998C3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5280E897AAh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F5280E897A6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E064 second address: 59E06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E06F second address: 59E073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59DC8B second address: 59DC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5200391 second address: 52003D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F5280E897B7h 0x0000000a and cx, 526Eh 0x0000000f jmp 00007F5280E897B9h 0x00000014 popfd 0x00000015 popad 0x00000016 mov ch, 07h 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52003D7 second address: 52003DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52003DB second address: 52003E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207BB second address: 52207C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207C1 second address: 52207C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207C7 second address: 52207CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207CB second address: 52207CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207CF second address: 52207DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207DF second address: 52207E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207E4 second address: 52207EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207EA second address: 52207EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52207EE second address: 5220833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-04h] 0x0000000b pushad 0x0000000c call 00007F5280DFF50Ch 0x00000011 pushfd 0x00000012 jmp 00007F5280DFF512h 0x00000017 jmp 00007F5280DFF515h 0x0000001c popfd 0x0000001d pop ecx 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220833 second address: 5220884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push ebx 0x00000007 pushad 0x00000008 mov cl, 1Bh 0x0000000a call 00007F5280E897B1h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 jmp 00007F5280E897ADh 0x0000001b push dword ptr [ebp+08h] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 jmp 00007F5280E897B9h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220975 second address: 522003A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a jmp 00007F5280DFF516h 0x0000000f retn 0004h 0x00000012 nop 0x00000013 sub esp, 04h 0x00000016 xor ebx, ebx 0x00000018 cmp eax, 00000000h 0x0000001b je 00007F5280DFF653h 0x00000021 xor eax, eax 0x00000023 mov dword ptr [esp], 00000000h 0x0000002a mov dword ptr [esp+04h], 00000000h 0x00000032 call 00007F5285D3DA9Bh 0x00000037 mov edi, edi 0x00000039 jmp 00007F5280DFF516h 0x0000003e xchg eax, ebp 0x0000003f jmp 00007F5280DFF510h 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F5280DFF50Eh 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522003A second address: 5220055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov al, bl 0x0000000f mov eax, 1AE1FD73h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220055 second address: 52200BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5280DFF50Fh 0x00000009 or ch, FFFFFFDEh 0x0000000c jmp 00007F5280DFF519h 0x00000011 popfd 0x00000012 jmp 00007F5280DFF510h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d mov ax, 006Dh 0x00000021 mov eax, 463D3669h 0x00000026 popad 0x00000027 push FFFFFFFEh 0x00000029 pushad 0x0000002a mov ecx, 0D0C49A1h 0x0000002f mov bh, al 0x00000031 popad 0x00000032 push 408B9828h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200BB second address: 52200BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200BF second address: 52200C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200C5 second address: 52200CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200CA second address: 5220115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, 4505h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 351F0620h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F5280DFF50Dh 0x0000001b or cx, 6FD6h 0x00000020 jmp 00007F5280DFF511h 0x00000025 popfd 0x00000026 jmp 00007F5280DFF510h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220115 second address: 5220127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220127 second address: 5220151 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 3779B2F7h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5280DFF512h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220151 second address: 52201F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5280E897B1h 0x00000008 pop esi 0x00000009 mov eax, edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e add dword ptr [esp], 3E2B7879h 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F5280E897B9h 0x0000001c add ax, 1556h 0x00000021 jmp 00007F5280E897B1h 0x00000026 popfd 0x00000027 jmp 00007F5280E897B0h 0x0000002c popad 0x0000002d mov eax, dword ptr fs:[00000000h] 0x00000033 pushad 0x00000034 call 00007F5280E897AEh 0x00000039 pushfd 0x0000003a jmp 00007F5280E897B2h 0x0000003f sbb ax, 41D8h 0x00000044 jmp 00007F5280E897ABh 0x00000049 popfd 0x0000004a pop ecx 0x0000004b push eax 0x0000004c push edx 0x0000004d movsx edi, si 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52201F4 second address: 5220223 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007F5280DFF50Ah 0x0000000d push eax 0x0000000e pushad 0x0000000f mov ecx, ebx 0x00000011 mov si, dx 0x00000014 popad 0x00000015 nop 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F5280DFF512h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220223 second address: 52202DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c pushad 0x0000000d jmp 00007F5280E897B4h 0x00000012 jmp 00007F5280E897B2h 0x00000017 popad 0x00000018 xchg eax, ebx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F5280E897AEh 0x00000020 and eax, 031A8B58h 0x00000026 jmp 00007F5280E897ABh 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007F5280E897B8h 0x00000032 add ax, 95B8h 0x00000037 jmp 00007F5280E897ABh 0x0000003c popfd 0x0000003d popad 0x0000003e push eax 0x0000003f pushad 0x00000040 mov edi, 520DE1DAh 0x00000045 mov ebx, 237841A6h 0x0000004a popad 0x0000004b xchg eax, ebx 0x0000004c pushad 0x0000004d push ebx 0x0000004e movzx esi, bx 0x00000051 pop edx 0x00000052 jmp 00007F5280E897B0h 0x00000057 popad 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F5280E897AAh 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52202DF second address: 52202E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52202E3 second address: 52202E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52202E9 second address: 5220392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, cl 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F5280DFF50Bh 0x0000000f pushfd 0x00000010 jmp 00007F5280DFF518h 0x00000015 xor ch, 00000008h 0x00000018 jmp 00007F5280DFF50Bh 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, esi 0x00000020 jmp 00007F5280DFF516h 0x00000025 xchg eax, edi 0x00000026 jmp 00007F5280DFF510h 0x0000002b push eax 0x0000002c pushad 0x0000002d call 00007F5280DFF511h 0x00000032 push esi 0x00000033 pop edi 0x00000034 pop ecx 0x00000035 pushfd 0x00000036 jmp 00007F5280DFF50Dh 0x0000003b add si, 2736h 0x00000040 jmp 00007F5280DFF511h 0x00000045 popfd 0x00000046 popad 0x00000047 xchg eax, edi 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220392 second address: 5220396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220396 second address: 522039C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522039C second address: 52203A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52203A2 second address: 52203ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [75AB4538h] 0x00000010 jmp 00007F5280DFF510h 0x00000015 xor dword ptr [ebp-08h], eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F5280DFF50Ch 0x00000021 xor cx, AFE8h 0x00000026 jmp 00007F5280DFF50Bh 0x0000002b popfd 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52203ED second address: 52204C9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5280E897B8h 0x00000008 jmp 00007F5280E897B5h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 call 00007F5280E897B0h 0x00000015 call 00007F5280E897B2h 0x0000001a pop esi 0x0000001b pop edx 0x0000001c popad 0x0000001d xor eax, ebp 0x0000001f jmp 00007F5280E897B7h 0x00000024 nop 0x00000025 pushad 0x00000026 call 00007F5280E897B4h 0x0000002b mov eax, 6B61B181h 0x00000030 pop ecx 0x00000031 call 00007F5280E897B7h 0x00000036 mov bl, ah 0x00000038 pop edi 0x00000039 popad 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e mov si, 55E3h 0x00000042 pushfd 0x00000043 jmp 00007F5280E897B8h 0x00000048 or ecx, 44CE6E28h 0x0000004e jmp 00007F5280E897ABh 0x00000053 popfd 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52204C9 second address: 52204E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280DFF514h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52204E1 second address: 5220515 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F5280E897B6h 0x00000011 lea eax, dword ptr [ebp-10h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov si, dx 0x0000001a push ebx 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220515 second address: 522051A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522051A second address: 5220520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220520 second address: 5220542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr fs:[00000000h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov edx, 65140B3Ah 0x00000015 call 00007F5280DFF50Bh 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220542 second address: 5220565 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-18h], esp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220565 second address: 5220569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220569 second address: 5220586 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220586 second address: 52205DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 5652h 0x00000007 pushfd 0x00000008 jmp 00007F5280DFF513h 0x0000000d and cl, 0000004Eh 0x00000010 jmp 00007F5280DFF519h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, dword ptr fs:[00000018h] 0x0000001f pushad 0x00000020 push ecx 0x00000021 movsx ebx, ax 0x00000024 pop ecx 0x00000025 movsx edx, si 0x00000028 popad 0x00000029 mov ecx, dword ptr [eax+00000FDCh] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52102BA second address: 521033A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov edi, 39040392h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F5280E897B9h 0x00000017 sbb cx, 9666h 0x0000001c jmp 00007F5280E897B1h 0x00000021 popfd 0x00000022 mov ah, EEh 0x00000024 popad 0x00000025 popad 0x00000026 nop 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F5280E897B4h 0x00000030 sub cl, 00000038h 0x00000033 jmp 00007F5280E897ABh 0x00000038 popfd 0x00000039 mov eax, 3FFF8B6Fh 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103DE second address: 52103E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103E2 second address: 52103E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103E8 second address: 521040C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5280DFF50Ch 0x00000009 and eax, 6ED02518h 0x0000000f jmp 00007F5280DFF50Bh 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521040C second address: 5210426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebx, dword ptr [ebp+08h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F5280E897ACh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210426 second address: 521042C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521042C second address: 5210430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210430 second address: 5210446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-2Ch] 0x0000000b pushad 0x0000000c mov ebx, 7193459Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 mov ax, di 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210446 second address: 521044A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521044A second address: 5210458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esp 0x00000008 pushad 0x00000009 mov bh, al 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210458 second address: 5210496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F5280E897ADh 0x0000000a adc ecx, 6F7C4AC6h 0x00000010 jmp 00007F5280E897B1h 0x00000015 popfd 0x00000016 popad 0x00000017 popad 0x00000018 mov dword ptr [esp], esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5280E897ADh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210496 second address: 52104E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF511h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edx, 0408F6AEh 0x00000012 pushfd 0x00000013 jmp 00007F5280DFF50Fh 0x00000018 and ah, 0000005Eh 0x0000001b jmp 00007F5280DFF519h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52104E2 second address: 521051A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov ch, E1h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F5280E897B2h 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5280E897B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521051A second address: 5210520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210520 second address: 5210524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210524 second address: 5210566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F5280DFF519h 0x00000012 xor eax, 7CE13306h 0x00000018 jmp 00007F5280DFF511h 0x0000001d popfd 0x0000001e mov dx, ax 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52105A8 second address: 5200D4F instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5280E897ADh 0x00000008 adc ch, 00000076h 0x0000000b jmp 00007F5280E897B1h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F5280E897B0h 0x00000019 adc si, 8198h 0x0000001e jmp 00007F5280E897ABh 0x00000023 popfd 0x00000024 popad 0x00000025 mov esi, eax 0x00000027 jmp 00007F5280E897B6h 0x0000002c test esi, esi 0x0000002e jmp 00007F5280E897B0h 0x00000033 je 00007F52F16D77DFh 0x00000039 xor eax, eax 0x0000003b jmp 00007F5280E62EDAh 0x00000040 pop esi 0x00000041 pop edi 0x00000042 pop ebx 0x00000043 leave 0x00000044 retn 0004h 0x00000047 nop 0x00000048 sub esp, 04h 0x0000004b mov edi, eax 0x0000004d xor ebx, ebx 0x0000004f cmp edi, 00000000h 0x00000052 je 00007F5280E898B4h 0x00000058 call 00007F5285DA891Dh 0x0000005d mov edi, edi 0x0000005f pushad 0x00000060 call 00007F5280E897B6h 0x00000065 mov eax, 42626ED1h 0x0000006a pop ecx 0x0000006b movsx ebx, si 0x0000006e popad 0x0000006f xchg eax, ebp 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F5280E897B2h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5200D4F second address: 5200DF2 instructions: 0x00000000 rdtsc 0x00000002 call 00007F5280DFF512h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5280DFF50Bh 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F5280DFF50Fh 0x00000018 adc ah, FFFFFFCEh 0x0000001b jmp 00007F5280DFF519h 0x00000020 popfd 0x00000021 mov dh, ch 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 jmp 00007F5280DFF513h 0x0000002a mov ebp, esp 0x0000002c jmp 00007F5280DFF516h 0x00000031 xchg eax, ecx 0x00000032 jmp 00007F5280DFF510h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F5280DFF50Eh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5200DF2 second address: 5200E26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F5280E897B6h 0x0000000f mov dword ptr [ebp-04h], 55534552h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5200E26 second address: 5200E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52109B6 second address: 52109E8 instructions: 0x00000000 rdtsc 0x00000002 mov esi, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F5280E897AEh 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5280E897B7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52109E8 second address: 5210A16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF519h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5280DFF50Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210A9A second address: 5210AB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210AB0 second address: 5210AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210AB4 second address: 5210ABA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210ABA second address: 5210AFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F5280DFF50Fh 0x0000000b adc eax, 5FC6904Eh 0x00000011 jmp 00007F5280DFF519h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210AFC second address: 5210B02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B02 second address: 5210B07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BEA second address: 5210BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BF0 second address: 5210BF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52209A6 second address: 52209C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52209C3 second address: 52209F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF511h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F5280DFF513h 0x00000012 pop esi 0x00000013 mov ah, bl 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52209F3 second address: 52209F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52209F9 second address: 52209FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52209FD second address: 5220A5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov si, bx 0x00000010 pushfd 0x00000011 jmp 00007F5280E897B3h 0x00000016 add eax, 01B7B0EEh 0x0000001c jmp 00007F5280E897B9h 0x00000021 popfd 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F5280E897ADh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220A5A second address: 5220B52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF511h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F5280DFF50Eh 0x00000010 xchg eax, esi 0x00000011 jmp 00007F5280DFF510h 0x00000016 push eax 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F5280DFF511h 0x0000001e adc ax, 0BE6h 0x00000023 jmp 00007F5280DFF511h 0x00000028 popfd 0x00000029 mov edx, esi 0x0000002b popad 0x0000002c xchg eax, esi 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F5280DFF518h 0x00000034 sub si, 1AB8h 0x00000039 jmp 00007F5280DFF50Bh 0x0000003e popfd 0x0000003f mov cx, A2EFh 0x00000043 popad 0x00000044 mov esi, dword ptr [ebp+0Ch] 0x00000047 pushad 0x00000048 pushad 0x00000049 mov di, ax 0x0000004c mov ax, 7E39h 0x00000050 popad 0x00000051 pushfd 0x00000052 jmp 00007F5280DFF516h 0x00000057 add eax, 01183448h 0x0000005d jmp 00007F5280DFF50Bh 0x00000062 popfd 0x00000063 popad 0x00000064 test esi, esi 0x00000066 jmp 00007F5280DFF516h 0x0000006b je 00007F52F162CD7Fh 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007F5280DFF50Ah 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220B52 second address: 5220B58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220B58 second address: 5220BC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AB459Ch], 05h 0x00000010 jmp 00007F5280DFF510h 0x00000015 je 00007F52F1644E1Ch 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F5280DFF50Eh 0x00000022 add ax, 0B68h 0x00000027 jmp 00007F5280DFF50Bh 0x0000002c popfd 0x0000002d movzx ecx, di 0x00000030 popad 0x00000031 push ebp 0x00000032 jmp 00007F5280DFF510h 0x00000037 mov dword ptr [esp], esi 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220BC6 second address: 5220BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220BCA second address: 5220BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220BF4 second address: 5220BF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220BF8 second address: 5220BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220BFE second address: 5220C3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5280E897B2h 0x00000009 or ecx, 23B61288h 0x0000000f jmp 00007F5280E897ABh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5280E897ACh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220C3A second address: 5220C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220C40 second address: 5220C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220CB4 second address: 5220CF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF517h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jmp 00007F5280DFF516h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov di, 1BB0h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220CF0 second address: 5220CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220CF5 second address: 5220CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220CFB second address: 5220CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626D7B5 second address: 626D7BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626D7BB second address: 626D7CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6266427 second address: 6266483 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5280DFF518h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e jng 00007F5280DFF506h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c jmp 00007F5280DFF514h 0x00000021 pop eax 0x00000022 jo 00007F5280DFF518h 0x00000028 jmp 00007F5280DFF510h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626C7AB second address: 626C7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626CA71 second address: 626CA77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626CD0A second address: 626CD10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626CD10 second address: 626CD26 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F5280DFF511h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626CD26 second address: 626CD5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 ja 00007F5280E897A6h 0x0000000c jl 00007F5280E897A6h 0x00000012 jns 00007F5280E897A6h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b jl 00007F5280E897C0h 0x00000021 jbe 00007F5280E897AAh 0x00000027 pushad 0x00000028 jnp 00007F5280E897A6h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626D048 second address: 626D04C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626FFF2 second address: 626FFFC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5280E897ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626FFFC second address: 627006D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 2360D7B9h 0x0000000d jmp 00007F5280DFF513h 0x00000012 lea ebx, dword ptr [ebp+12455DEDh] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F5280DFF508h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov dword ptr [ebp+124507D0h], ecx 0x00000038 jne 00007F5280DFF50Ch 0x0000003e xchg eax, ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F5280DFF516h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627006D second address: 6270084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280E897ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6270084 second address: 627008B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627015A second address: 6270197 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5280E897ACh 0x00000008 je 00007F5280E897A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F5280E897ACh 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a pushad 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F5280E897B3h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627030D second address: 627033C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jc 00007F5280DFF506h 0x0000000c pop ebx 0x0000000d popad 0x0000000e nop 0x0000000f cmc 0x00000010 push 00000000h 0x00000012 mov dl, 4Ch 0x00000014 add dword ptr [ebp+122D3AABh], edx 0x0000001a push A53CB6A8h 0x0000001f pushad 0x00000020 pushad 0x00000021 jmp 00007F5280DFF50Ch 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6270422 second address: 6270431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5280E897ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6270431 second address: 627044A instructions: 0x00000000 rdtsc 0x00000002 js 00007F5280DFF506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jp 00007F5280DFF508h 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290E9E second address: 6290EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290FF4 second address: 6290FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290FF8 second address: 6290FFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290FFC second address: 6291002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291131 second address: 6291136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291136 second address: 6291161 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5280DFF50Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5280DFF517h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62912AD second address: 62912B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291814 second address: 6291832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5280DFF50Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F5280DFF50Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291832 second address: 629183A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291AF8 second address: 6291AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291AFC second address: 6291B02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6291B02 second address: 6291B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F5280DFF50Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62920E9 second address: 62920ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629250A second address: 629250E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629250E second address: 6292512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62963FF second address: 6296403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6296403 second address: 6296413 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5280E897A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62965A8 second address: 62965B8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6296699 second address: 62966A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62966A7 second address: 62966AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62966AC second address: 62966EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5280E897B4h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F5280E897ACh 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 jmp 00007F5280E897B2h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62966EF second address: 62966F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625A971 second address: 625A975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625A975 second address: 625A97B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625A97B second address: 625A9A3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F5280E897B6h 0x00000008 js 00007F5280E897A6h 0x0000000e pop ecx 0x0000000f jnp 00007F5280E897ACh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629E582 second address: 629E59D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5280DFF506h 0x00000008 jmp 00007F5280DFF511h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629E59D second address: 629E5BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F5280E897AFh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ebx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629E83F second address: 629E860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5280DFF519h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629E860 second address: 629E87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F5280E897AEh 0x0000000d jne 00007F5280E897A6h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 629E87F second address: 629E88B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F5280DFF506h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A06DB second address: 62A06DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A06DF second address: 62A06E9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5280DFF506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A06E9 second address: 62A06F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F5280E897A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A081C second address: 62A0822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3088DE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4D3AD3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 308935 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 534D58 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 62964ED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6294CC9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 60EB04E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 60EDB9C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6332BBC instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion			Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 4872	Thread sleep time: -38019s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6728	Thread sleep time: -36018s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4500	Thread sleep time: -32000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7140	Thread sleep time: -270000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6596	Thread sleep time: -30015s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 424	Thread sleep time: -38019s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2412	Thread sleep time: -46023s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6748	Thread sleep time: -30015s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1349911770.0000000005BB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696492231p
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: file.exe, 00000000.00000003.1350038818.0000000005BA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Source: file.exe, 00000000.00000003.1433365146.0000000001386000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match	File source: Process Memory Space: file.exe PID: 5832, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NWCXBPIUYI			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NWCXBPIUYI			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\DQOFHVHTMG			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\DQOFHVHTMG			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\HMPPSXQPQV			Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 5832, type: MEMORYSTR

Remote Access Functionality

Source: Yara match	File source: Process Memory Space: file.exe PID: 5832, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR