Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1571894
MD5: 1524da94feeebb2a921c3065f4da2383
SHA1: 68ad3edc97d668005f47ac76d5a0f8397d24b8cb
SHA256: 4228f1c544520402ca8d8120aca88167f1b23ccb2efb536fe668dc6dd0bc267c
Tags: exe, user-Bitsight

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: https://atten-supporse.biz/apir Avira URL Cloud: Label: malware
Source: file.exe.3508.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "covery-mover.biz", "atten-supporse.biz", "formy-spill.biz", "zinc-sneark.biz", "dwell-exclaim.biz", "dare-curbys.biz", "print-vexer.biz", "se-blurry.biz"], "Build id": "LOGS11--LiveTraffic"}
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: impend-differ.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: print-vexer.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: dare-curbys.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: covery-mover.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: formy-spill.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: dwell-exclaim.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: zinc-sneark.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: se-blurry.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: atten-supporse.biz
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp String decryptor: LOGS11--LiveTraffic
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49707 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.6:55759 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49707 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49709 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49707 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49707 -> 104.21.64.1:443
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.21.64.1:443
Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: atten-supporse.biz
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: unknown HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: atten-supporse.biz
Source: file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2179066828.0000000000C1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2180995646.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2180062935.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2179066828.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apir
Source: file.exe, 00000000.00000002.2180995646.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/api
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49707 version: TLS 1.2

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103A984 0_2_0103A984
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF6857 0_2_00FF6857
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C49BF 0_2_010C49BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E9D4 0_2_0104E9D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102A9D8 0_2_0102A9D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DC9D1 0_2_010DC9D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010769E2 0_2_010769E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AC9E0 0_2_010AC9E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CE81A 0_2_010CE81A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101281A 0_2_0101281A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010EE844 0_2_010EE844
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01082843 0_2_01082843
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0114C846 0_2_0114C846
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BC85F 0_2_010BC85F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107885A 0_2_0107885A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102885C 0_2_0102885C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036863 0_2_01036863
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104A860 0_2_0104A860
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DA86A 0_2_010DA86A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F98990 0_2_00F98990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DE861 0_2_010DE861
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01006881 0_2_01006881
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB297F 0_2_00FB297F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B4881 0_2_010B4881
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100E8AB 0_2_0100E8AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D28A1 0_2_010D28A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010488B7 0_2_010488B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010688CF 0_2_010688CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010948E0 0_2_010948E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010088EE 0_2_010088EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108A8E7 0_2_0108A8E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AA8F8 0_2_010AA8F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109A8FC 0_2_0109A8FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010208F4 0_2_010208F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BAB0B 0_2_010BAB0B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01052B02 0_2_01052B02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C2B1E 0_2_010C2B1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A4B2A 0_2_010A4B2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01012B20 0_2_01012B20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01074B21 0_2_01074B21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0106EB2C 0_2_0106EB2C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E2B20 0_2_010E2B20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E4B3D 0_2_010E4B3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCCAC0 0_2_00FCCAC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102EB3D 0_2_0102EB3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D4B4E 0_2_010D4B4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BEB42 0_2_010BEB42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF2AA1 0_2_00FF2AA1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01048B78 0_2_01048B78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01090B77 0_2_01090B77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D6B8F 0_2_010D6B8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103EB90 0_2_0103EB90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFCA5A 0_2_00FFCA5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9CA54 0_2_00F9CA54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CABBF 0_2_010CABBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109CBBC 0_2_0109CBBC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA4A40 0_2_00FA4A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01026BD5 0_2_01026BD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108ABF9 0_2_0108ABF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01096BF8 0_2_01096BF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036BF1 0_2_01036BF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01034BF0 0_2_01034BF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01074A07 0_2_01074A07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B2A1D 0_2_010B2A1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF0BE5 0_2_00FF0BE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103CA28 0_2_0103CA28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF6BCC 0_2_00FF6BCC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F94BA0 0_2_00F94BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E6A77 0_2_010E6A77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A8A74 0_2_010A8A74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01034A80 0_2_01034A80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DAA8E 0_2_010DAA8E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA6B7E 0_2_00FA6B7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01054A9B 0_2_01054A9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FACB5A 0_2_00FACB5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E0ABE 0_2_010E0ABE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100AAB8 0_2_0100AAB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01004AC8 0_2_01004AC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105CAEE 0_2_0105CAEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105EAF2 0_2_0105EAF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB2CF8 0_2_00FB2CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01074D0D 0_2_01074D0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01056D0E 0_2_01056D0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109CD1C 0_2_0109CD1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCCCE0 0_2_00FCCCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0106CD25 0_2_0106CD25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101AD2A 0_2_0101AD2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01060D35 0_2_01060D35
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01098D45 0_2_01098D45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D0D55 0_2_010D0D55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8C9B 0_2_00FE8C9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01076D62 0_2_01076D62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101ED94 0_2_0101ED94
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01080D95 0_2_01080D95
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DCDAC 0_2_010DCDAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DADBD 0_2_010DADBD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC4C4D 0_2_00FC4C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01092DBB 0_2_01092DBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CCDBB 0_2_010CCDBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01024DB9 0_2_01024DB9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC6C40 0_2_00FC6C40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100EDBC 0_2_0100EDBC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFAC24 0_2_00FFAC24
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107EDD8 0_2_0107EDD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA8C1E 0_2_00FA8C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0106EDE9 0_2_0106EDE9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01054DFE 0_2_01054DFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01044C0F 0_2_01044C0F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D2C1A 0_2_010D2C1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01072C2A 0_2_01072C2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C6C35 0_2_010C6C35
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01006C44 0_2_01006C44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102CC50 0_2_0102CC50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0114EC49 0_2_0114EC49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AEC6A 0_2_010AEC6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107AC6F 0_2_0107AC6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107EC68 0_2_0107EC68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102AC8B 0_2_0102AC8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB4D70 0_2_00FB4D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000C8F 0_2_01000C8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C2C99 0_2_010C2C99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCCD60 0_2_00FCCD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A2C95 0_2_010A2C95
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01066CA4 0_2_01066CA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109ECAD 0_2_0109ECAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01040CAB 0_2_01040CAB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01008CB6 0_2_01008CB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_011C4CA5 0_2_011C4CA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01150CDE 0_2_01150CDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102ECDF 0_2_0102ECDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01030CDE 0_2_01030CDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A8CE2 0_2_010A8CE2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D4CF5 0_2_010D4CF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01070F07 0_2_01070F07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D8F00 0_2_010D8F00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E6F03 0_2_010E6F03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01064F2E 0_2_01064F2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01050F2E 0_2_01050F2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01038F33 0_2_01038F33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0106AF33 0_2_0106AF33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB6EBE 0_2_00FB6EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01062F51 0_2_01062F51
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F92EA0 0_2_00F92EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036F5D 0_2_01036F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101EF6D 0_2_0101EF6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA6E97 0_2_00FA6E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100AF8C 0_2_0100AF8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A8FB2 0_2_010A8FB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102AFC2 0_2_0102AFC2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CAFCD 0_2_010CAFCD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A2FD1 0_2_010A2FD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01006FEC 0_2_01006FEC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01028FEE 0_2_01028FEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAAE00 0_2_00FAAE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCCE00 0_2_00FCCE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01016E1B 0_2_01016E1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01046E25 0_2_01046E25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105EE26 0_2_0105EE26
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA0FD6 0_2_00FA0FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C0E3E 0_2_010C0E3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104EE3F 0_2_0104EE3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01012E3E 0_2_01012E3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFAFBB 0_2_00FFAFBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01086E4E 0_2_01086E4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA8FAD 0_2_00FA8FAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D6E6D 0_2_010D6E6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B8E6C 0_2_010B8E6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01022E73 0_2_01022E73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01090E7A 0_2_01090E7A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01004E86 0_2_01004E86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01042E96 0_2_01042E96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105CE96 0_2_0105CE96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB8F5D 0_2_00FB8F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAEF30 0_2_00FAEF30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B0EDD 0_2_010B0EDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01048ED3 0_2_01048ED3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA4F08 0_2_00FA4F08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01154EEC 0_2_01154EEC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01137118 0_2_01137118
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0106310D 0_2_0106310D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF90E3 0_2_00FF90E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DF113 0_2_010DF113
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01007139 0_2_01007139
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01023145 0_2_01023145
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101514A 0_2_0101514A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100D167 0_2_0100D167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108F167 0_2_0108F167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C9178 0_2_010C9178
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBD085 0_2_00FBD085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01083188 0_2_01083188
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01031186 0_2_01031186
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F99070 0_2_00F99070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D1183 0_2_010D1183
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AD196 0_2_010AD196
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C11AA 0_2_010C11AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010771AC 0_2_010771AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109F1D1 0_2_0109F1D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010471D8 0_2_010471D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010431E0 0_2_010431E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109D1EC 0_2_0109D1EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010171E8 0_2_010171E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105D1EC 0_2_0105D1EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFF00F 0_2_00FFF00F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AF1F9 0_2_010AF1F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107F1F1 0_2_0107F1F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010671FC 0_2_010671FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BF002 0_2_010BF002
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100D027 0_2_0100D027
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103F035 0_2_0103F035
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0109B03E 0_2_0109B03E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01021056 0_2_01021056
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFD1A7 0_2_00FFD1A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA7190 0_2_00FA7190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01093073 0_2_01093073
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01095073 0_2_01095073
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104507F 0_2_0104507F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF317A 0_2_00FF317A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01085081 0_2_01085081
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108B09F 0_2_0108B09F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF7167 0_2_00FF7167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010ED095 0_2_010ED095
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E30AD 0_2_010E30AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010350AD 0_2_010350AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101B0B8 0_2_0101B0B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D30C8 0_2_010D30C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010590CD 0_2_010590CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107B0CC 0_2_0107B0CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010750CB 0_2_010750CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BD0D6 0_2_010BD0D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010BB0EA 0_2_010BB0EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010690E5 0_2_010690E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010730ED 0_2_010730ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D50E3 0_2_010D50E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104D0F1 0_2_0104D0F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010DB31B 0_2_010DB31B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103D322 0_2_0103D322
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB92D0 0_2_00FB92D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01099339 0_2_01099339
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA92BA 0_2_00FA92BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01043353 0_2_01043353
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100B35B 0_2_0100B35B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF129F 0_2_00FF129F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107937C 0_2_0107937C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100D387 0_2_0100D387
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01081396 0_2_01081396
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101D3A9 0_2_0101D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010593A8 0_2_010593A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010D33BB 0_2_010D33BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010073D0 0_2_010073D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105B3D3 0_2_0105B3D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010893D5 0_2_010893D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010613D9 0_2_010613D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010ED3E9 0_2_010ED3E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010413E8 0_2_010413E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_011493EB 0_2_011493EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C93F3 0_2_010C93F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100921E 0_2_0100921E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103B221 0_2_0103B221
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CF232 0_2_010CF232
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E924F 0_2_010E924F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB33A0 0_2_00FB33A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010CD250 0_2_010CD250
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A5255 0_2_010A5255
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF5397 0_2_00FF5397
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103326E 0_2_0103326E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108D278 0_2_0108D278
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010ED274 0_2_010ED274
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFB375 0_2_00FFB375
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01003298 0_2_01003298
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F99360 0_2_00F99360
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010E12AD 0_2_010E12AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9B351 0_2_00F9B351
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B92A2 0_2_010B92A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010912A2 0_2_010912A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010572A9 0_2_010572A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC533A 0_2_00FC533A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108350C 0_2_0108350C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A950D 0_2_010A950D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108D501 0_2_0108D501
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107D511 0_2_0107D511
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010B152B 0_2_010B152B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101F530 0_2_0101F530
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01085536 0_2_01085536
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01009542 0_2_01009542
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C3549 0_2_010C3549
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010A3544 0_2_010A3544
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102D555 0_2_0102D555
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00F98000 appears 55 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00FA4A30 appears 76 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9976616565743944
Source: file.exe Static PE information: Section: rmyngibq ZLIB complexity 0.9944709241207951
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC0A6C CoCreateInstance, 0_2_00FC0A6C
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: file.exe Static file information: File size 1838080 > 1048576
Source: file.exe Static PE information: Raw size of rmyngibq is bigger than: 0x100000 < 0x198c00

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.f90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rmyngibq:EW;qytqqcga:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rmyngibq:EW;qytqqcga:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1c43a8 should be: 0x1c94c4
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: rmyngibq
Source: file.exe Static PE information: section name: qytqqcga
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0120A167 push eax; mov dword ptr [esp], ecx 0_2_0120ACD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEE0AD push 7628542Ah; mov dword ptr [esp], esp 0_2_00FF0196
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEA093 push 683962B8h; mov dword ptr [esp], eax 0_2_00FEA0A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_011D819F push ecx; mov dword ptr [esp], edi 0_2_011D81B3
Source: file.exe Static PE information: section name: entropy: 7.98596751431181
Source: file.exe Static PE information: section name: rmyngibq entropy: 7.954341436383283

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A7C42 second address: 11A7C58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BCFB6B82h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A7DBD second address: 11A7DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A8DA8 second address: 11A8DD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FA1BCFB6B78h 0x0000000c popad 0x0000000d push eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1BCFB6B88h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AAC39 second address: 11AAC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AAC3D second address: 11AACF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1BCFB6B81h 0x0000000b popad 0x0000000c push eax 0x0000000d js 00007FA1BCFB6B8Fh 0x00000013 jmp 00007FA1BCFB6B89h 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FA1BCFB6B78h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 jmp 00007FA1BCFB6B7Fh 0x00000038 push 00000000h 0x0000003a add ebx, dword ptr [ebp+122D284Dh] 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ebp 0x00000045 call 00007FA1BCFB6B78h 0x0000004a pop ebp 0x0000004b mov dword ptr [esp+04h], ebp 0x0000004f add dword ptr [esp+04h], 00000014h 0x00000057 inc ebp 0x00000058 push ebp 0x00000059 ret 0x0000005a pop ebp 0x0000005b ret 0x0000005c xchg eax, esi 0x0000005d jmp 00007FA1BCFB6B80h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jns 00007FA1BCFB6B86h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AACF2 second address: 11AACF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AF405 second address: 11AF409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AF409 second address: 11AF41F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB182h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AF41F second address: 11AF425 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B2FDE second address: 11B2FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FA1BD1DB17Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8BAA second address: 11B8BB4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8BB4 second address: 11B8BE6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA1BD1DB17Fh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edx 0x00000011 push esi 0x00000012 jmp 00007FA1BD1DB17Ch 0x00000017 pop esi 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8BE6 second address: 11B8BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnc 00007FA1BCFB6B78h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8BFE second address: 11B8C02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8C02 second address: 11B8C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8C08 second address: 11B8C0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11B8C0E second address: 11B8C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11BDCE1 second address: 11BDCF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 je 00007FA1BD1DB17Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11BDF8D second address: 11BDF9A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11BDF9A second address: 11BDFA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnp 00007FA1BD1DB176h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11BE28F second address: 11BE2B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B88h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11BE2B2 second address: 11BE2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jp 00007FA1BD1DB178h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C4528 second address: 11C4544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B80h 0x00000009 je 00007FA1BCFB6B76h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114DED8 second address: 114DEEA instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1BD1DB176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA1BD1DB17Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C313E second address: 11C3144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3144 second address: 11C315E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007FA1BD1DB17Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C315E second address: 11C316F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C316F second address: 11C318D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jbe 00007FA1BD1DB176h 0x0000000f jmp 00007FA1BD1DB17Dh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C344D second address: 11C3453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3453 second address: 11C345C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C345C second address: 11C3462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3462 second address: 11C3468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3468 second address: 11C346E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C35E8 second address: 11C35EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C38F2 second address: 11C38F8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3A49 second address: 11C3A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FA1BD1DB184h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3C06 second address: 11C3C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3C0C second address: 11C3C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3C10 second address: 11C3C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3C16 second address: 11C3C32 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BD1DB18Eh 0x00000008 jmp 00007FA1BD1DB182h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3D69 second address: 11C3D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C3D6F second address: 11C3D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C2BA6 second address: 11C2BD0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1BCFB6B8Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FA1BCFB6B76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C2BD0 second address: 11C2BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11C2BD4 second address: 11C2BDA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CBE24 second address: 11CBE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB17Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CBE35 second address: 11CBE44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B7Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CBE44 second address: 11CBE4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1190CBC second address: 1190CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1190CC2 second address: 11752FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FA1BD1DB178h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov ecx, dword ptr [ebp+122D2D78h] 0x00000029 call dword ptr [ebp+122D33E5h] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 jmp 00007FA1BD1DB185h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191321 second address: 1191333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a je 00007FA1BCFB6B7Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191333 second address: 119133A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191611 second address: 1191629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BCFB6B84h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191C12 second address: 1191C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191C16 second address: 1191C63 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D35B5h], ecx 0x00000014 push 0000001Eh 0x00000016 jmp 00007FA1BCFB6B7Dh 0x0000001b pushad 0x0000001c jne 00007FA1BCFB6B76h 0x00000022 sub eax, dword ptr [ebp+122D2A94h] 0x00000028 popad 0x00000029 nop 0x0000002a pushad 0x0000002b jmp 00007FA1BCFB6B86h 0x00000030 push eax 0x00000031 push edx 0x00000032 push edx 0x00000033 pop edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191C63 second address: 1191C67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CB377 second address: 11CB391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B7Eh 0x00000009 jc 00007FA1BCFB6B7Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CB391 second address: 11CB39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA1BD1DB17Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CB685 second address: 11CB68C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CB979 second address: 11CB993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007FA1BD1DB192h 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jne 00007FA1BD1DB176h 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CD5D8 second address: 11CD5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CD5DE second address: 11CD5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 jnp 00007FA1BD1DB194h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CD5ED second address: 11CD5F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11CD5F3 second address: 11CD5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D09CB second address: 11D09D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D5F57 second address: 11D5F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB17Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D5C24 second address: 11D5C2E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D5C2E second address: 11D5C7D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007FA1BD1DB176h 0x00000009 pop edi 0x0000000a pushad 0x0000000b jmp 00007FA1BD1DB180h 0x00000010 jc 00007FA1BD1DB176h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b push edi 0x0000001c pop edi 0x0000001d jnl 00007FA1BD1DB176h 0x00000023 jmp 00007FA1BD1DB183h 0x00000028 push esi 0x00000029 pop esi 0x0000002a popad 0x0000002b jc 00007FA1BD1DB178h 0x00000031 pushad 0x00000032 popad 0x00000033 push ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D5C7D second address: 11D5C8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FA1BCFB6B76h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D5C8A second address: 11D5C8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D690B second address: 11D692E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA1BCFB6B7Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D692E second address: 11D6948 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB180h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D6948 second address: 11D6972 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FA1BCFB6B80h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D6972 second address: 11D698D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB185h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D698D second address: 11D6992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11D6992 second address: 11D699D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114FA60 second address: 114FA66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114FA66 second address: 114FA6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DBF14 second address: 11DBF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DBF1A second address: 11DBF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DBF1F second address: 11DBF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DBF26 second address: 11DBF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB181h 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FA1BD1DB183h 0x00000010 pop eax 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DBF58 second address: 11DBF62 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1BCFB6B76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DC390 second address: 11DC395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DC395 second address: 11DC3C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B81h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA1BCFB6B83h 0x00000012 jng 00007FA1BCFB6B76h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DEB8F second address: 11DEB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DEB95 second address: 11DEB9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11DEB9B second address: 11DEB9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E8545 second address: 11E854B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7181 second address: 11E71BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BD1DB187h 0x00000008 jmp 00007FA1BD1DB188h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jo 00007FA1BD1DB18Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E71BE second address: 11E71C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7555 second address: 11E755D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1276110 second address: 1276141 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007FA1BCFB6B76h 0x00000009 jnp 00007FA1BCFB6B76h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA1BCFB6B89h 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1276141 second address: 1276147 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1276147 second address: 1276156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jo 00007FA1BCFB6B76h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1276156 second address: 127615B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 127615B second address: 1276167 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA1BCFB6B7Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1195277 second address: 119527B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: FE8BA9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 11855D2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: FE8B32 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8AD2 rdtsc 0_2_00FE8AD2
Source: C:\Users\user\Desktop\file.exe TID: 5532 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2180597191.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: file.exe, 00000000.00000003.2180310098.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2180310098.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8EA9 Start: 00FE8EAB End: 00FE8EAF 0_2_00FE8EA9
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8AD2 rdtsc 0_2_00FE8AD2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCB480 LdrInitializeThunk, 0_2_00FCB480
Source: file.exe, file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR