Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1571961
MD5: 52f0f216dfbb86683b1e318a0796dd81
SHA1: 2e2b8710e0a077ed8a2124fde2486f397857b8f6
SHA256: 1d95373c2284b657b614f07051eed5fed72f34f787350409e49e8dc30a5ea494
Tags: exeuser-Bitsight
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: https://atten-supporse.biz:443/api://%ProgramFiles% Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/744-1-2 Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api1 Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz:443/apiUU2 Avira URL Cloud: Label: malware
Found malware configuration
Source: file.exe.2876.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "dwell-exclaim.biz", "se-blurry.biz", "atten-supporse.biz", "dare-curbys.biz", "zinc-sneark.biz", "formy-spill.biz", "covery-mover.biz", "print-vexer.biz"], "Build id": "LOGS11--LiveTraffic"}
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 39%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: impend-differ.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: print-vexer.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: dare-curbys.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: covery-mover.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: formy-spill.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: dwell-exclaim.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: zinc-sneark.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: se-blurry.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: atten-supporse.biz
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.2270699469.0000000000C51000.00000040.00000001.01000000.00000003.sdmp String decryptor: LOGS11--LiveTraffic
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66B7E CryptUnprotectData, 0_2_00C66B7E
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49713 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h] 0_2_00C76170
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_00C5C36E
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h] 0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h] 0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h] 0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh 0_2_00C8E690
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h] 0_2_00C5A960
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edx], bl 0_2_00C5CE55
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h 0_2_00C8DBD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00C59CC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh 0_2_00C8DCF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_00C67E82
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah] 0_2_00C7BFD3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah] 0_2_00C7BFDA
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh] 0_2_00C75F7D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00C7A060
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h 0_2_00C5C274
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00C72270
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00C845F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp al, 2Eh 0_2_00C766E7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00C786F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h 0_2_00C7A630
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00C70717
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_00C70717
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00C786F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00C8CAC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 0_2_00C7AAD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [ecx+esi] 0_2_00C52B70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2] 0_2_00C86B20
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00C8CCE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00C8CD60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h 0_2_00C6CEA5
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00C8CE00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ebx, 03h 0_2_00C78F5D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h 0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, edx 0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00C6D087
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00C6D074
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00C67190
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch] 0_2_00C792D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ebx 0_2_00C792D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [00C94284h] 0_2_00C75230
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_00C7B3DE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_00C7B3DE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, bx 0_2_00C7536C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_00C77307
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_00C7B4BB
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00C7B475
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 0_2_00C57470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 0_2_00C57470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h] 0_2_00C796D8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch] 0_2_00C77653
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00C6597D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, eax 0_2_00C55910
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebp, eax 0_2_00C55910
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h 0_2_00C75920
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], cl 0_2_00C65ADC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h 0_2_00C69C10
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh] 0_2_00C65EE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00C71EE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h 0_2_00C8DFB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh] 0_2_00C75F7D

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:64160 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49707 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49708 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49713 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49709 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49722 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49713 -> 104.21.48.1:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: impend-differ.biz
Source: Malware configuration extractor URLs: dwell-exclaim.biz
Source: Malware configuration extractor URLs: se-blurry.biz
Source: Malware configuration extractor URLs: atten-supporse.biz
Source: Malware configuration extractor URLs: dare-curbys.biz
Source: Malware configuration extractor URLs: zinc-sneark.biz
Source: Malware configuration extractor URLs: formy-spill.biz
Source: Malware configuration extractor URLs: covery-mover.biz
Source: Malware configuration extractor URLs: print-vexer.biz
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49722 -> 104.21.48.1:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NRG4EX5TSVGAGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12811Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=S3VQX4XMY4AUUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15047Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8H6WZ2K2HQ3C0EUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20549Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GRNSLLOILUIEJ2IWEALUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1262Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NPJSDEQE47W6YAPLUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 570251Host: atten-supporse.biz
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2156184668.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2182636738.0000000005F7D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2183056768.0000000005F81000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268418527.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205721535.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155726723.0000000005F04000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156002703.0000000005F05000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/744-1-2
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205721535.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2268418527.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2155923363.0000000005F91000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155687834.0000000005F90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api1
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apiq
Source: file.exe, 00000000.00000003.2268418527.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apis
Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/api://%ProgramFiles%
Source: file.exe, 00000000.00000003.2206119101.0000000001746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2205795166.0000000001743000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/apiUU2
Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.bz/
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2157515360.0000000005F04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2084953866.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085017975.0000000005F3A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084901511.0000000005F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2157259258.0000000006228000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.5:49713 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C76170 0_2_00C76170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5E2A9 0_2_00C5E2A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7C6D7 0_2_00C7C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E690 0_2_00C8E690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C587F0 0_2_00C587F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5A960 0_2_00C5A960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66B7E 0_2_00C66B7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86C40 0_2_00C86C40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C60FD6 0_2_00C60FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86F90 0_2_00C86F90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C733A0 0_2_00C733A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C715F0 0_2_00C715F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C597B0 0_2_00C597B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C89B90 0_2_00C89B90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8DCF0 0_2_00C8DCF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7BFD3 0_2_00C7BFD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7BFDA 0_2_00C7BFDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D240DE 0_2_00D240DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 0_2_00DB40D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C880D9 0_2_00C880D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC20CF 0_2_00DC20CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7C0C1 0_2_00D7C0C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 0_2_00CE40D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5A0F2 0_2_00D5A0F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D820F1 0_2_00D820F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB20F7 0_2_00DB20F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3A0FC 0_2_00D3A0FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA00EB 0_2_00DA00EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6E0E1 0_2_00D6E0E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE091 0_2_00DDE091
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7409A 0_2_00D7409A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5609A 0_2_00D5609A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF209F 0_2_00CF209F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A 0_2_00D9608A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2092 0_2_00CC2092
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7A089 0_2_00D7A089
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCA0BD 0_2_00DCA0BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2A0B0 0_2_00D2A0B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAE0BE 0_2_00DAE0BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB60B3 0_2_00DB60B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C780B0 0_2_00C780B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D500AC 0_2_00D500AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8C055 0_2_00D8C055
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D86041 0_2_00D86041
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB6051 0_2_00CB6051
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC8050 0_2_00CC8050
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF406F 0_2_00CF406F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C75F7D 0_2_00C75F7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5E06A 0_2_00C5E06A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2606D 0_2_00D2606D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCE01C 0_2_00DCE01C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7E011 0_2_00D7E011
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE2003 0_2_00CE2003
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3001E 0_2_00D3001E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB8018 0_2_00CB8018
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBE00C 0_2_00DBE00C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3400E 0_2_00D3400E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCE03B 0_2_00CCE03B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8A030 0_2_00C8A030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6002D 0_2_00D6002D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E201E6 0_2_00E201E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBA1C3 0_2_00CBA1C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2E1C2 0_2_00D2E1C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D661C3 0_2_00D661C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C801D0 0_2_00C801D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD01C5 0_2_00DD01C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D121C8 0_2_00D121C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D461CB 0_2_00D461CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C581F0 0_2_00C581F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D401E8 0_2_00D401E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCE19D 0_2_00CCE19D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB2192 0_2_00CB2192
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0195 0_2_00CC0195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D021B4 0_2_00D021B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC81B0 0_2_00DC81B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D621A6 0_2_00D621A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAC1A9 0_2_00DAC1A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD21B3 0_2_00CD21B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8015C 0_2_00D8015C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD015B 0_2_00CD015B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D90141 0_2_00D90141
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D60173 0_2_00D60173
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0A169 0_2_00D0A169
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE8165 0_2_00DE8165
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D54115 0_2_00D54115
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A100 0_2_00C7A100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3211D 0_2_00D3211D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5810E 0_2_00D5810E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFE101 0_2_00DFE101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9C13B 0_2_00D9C13B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE0137 0_2_00DE0137
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE4123 0_2_00DE4123
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB82CB 0_2_00CB82CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E2C0 0_2_00C8E2C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4A2C2 0_2_00D4A2C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D662CE 0_2_00D662CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF62E2 0_2_00CF62E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D762E4 0_2_00D762E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB02BB 0_2_00DB02BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D942B0 0_2_00D942B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCC2A7 0_2_00CCC2A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D362B8 0_2_00D362B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE22A2 0_2_00DE22A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D68254 0_2_00D68254
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEE246 0_2_00DEE246
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0424B 0_2_00D0424B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAA241 0_2_00DAA241
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDA269 0_2_00DDA269
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54270 0_2_00C54270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C72270 0_2_00C72270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB4271 0_2_00CB4271
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA2218 0_2_00DA2218
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C56200 0_2_00C56200
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D00203 0_2_00D00203
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE209 0_2_00DDE209
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5E203 0_2_00D5E203
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D84229 0_2_00D84229
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D063D7 0_2_00D063D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBA3CB 0_2_00DBA3CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9C3F2 0_2_00D9C3F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D383E1 0_2_00D383E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8A3F0 0_2_00C8A3F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDE38D 0_2_00CDE38D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D02390 0_2_00D02390
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBA38E 0_2_00CBA38E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9E397 0_2_00D9E397
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC238C 0_2_00DC238C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE6388 0_2_00DE6388
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD8392 0_2_00CD8392
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D783BD 0_2_00D783BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D223BF 0_2_00D223BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D163A6 0_2_00D163A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC03A1 0_2_00DC03A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAC35E 0_2_00DAC35E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE0348 0_2_00CE0348
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D26341 0_2_00D26341
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFE352 0_2_00CFE352
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1437F 0_2_00E1437F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6C360 0_2_00C6C360
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC430D 0_2_00CC430D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4433A 0_2_00D4433A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D304D7 0_2_00D304D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6E4D2 0_2_00D6E4D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC24D0 0_2_00CC24D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3E4CF 0_2_00D3E4CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D184FB 0_2_00D184FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D544E4 0_2_00D544E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE24FC 0_2_00CE24FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D104E5 0_2_00D104E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB24F3 0_2_00CB24F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD44E7 0_2_00DD44E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB84E6 0_2_00DB84E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD448C 0_2_00CD448C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC648A 0_2_00DC648A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2A485 0_2_00D2A485
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCA491 0_2_00CCA491
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8C485 0_2_00D8C485
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D484BC 0_2_00D484BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0E4AC 0_2_00D0E4AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D724A8 0_2_00D724A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9045D 0_2_00D9045D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEA47F 0_2_00DEA47F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0A47A 0_2_00D0A47A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8E475 0_2_00D8E475
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCC471 0_2_00DCC471
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4473 0_2_00CC4473
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D56413 0_2_00D56413
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC416 0_2_00DBC416
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB642C 0_2_00DB642C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86430 0_2_00C86430
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDC5DD 0_2_00DDC5DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFA5CE 0_2_00CFA5CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE85CF 0_2_00DE85CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE5C7 0_2_00DDE5C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D465F7 0_2_00D465F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7C5E3 0_2_00D7C5E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D62584 0_2_00D62584
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE458A 0_2_00DE458A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB8590 0_2_00CB8590
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4E5B8 0_2_00D4E5B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF65BA 0_2_00CF65BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD6543 0_2_00CD6543
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2E566 0_2_00D2E566
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD2569 0_2_00DD2569
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEC56B 0_2_00DEC56B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8A56E 0_2_00D8A56E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66571 0_2_00C66571
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9C566 0_2_00D9C566
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D60516 0_2_00D60516
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB050E 0_2_00CB050E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD8502 0_2_00CD8502
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA0505 0_2_00DA0505
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA853C 0_2_00DA853C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFE526 0_2_00CFE526
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3C6D8 0_2_00D3C6D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5E6D9 0_2_00D5E6D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD86CB 0_2_00DD86CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C766E7 0_2_00C766E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC06EF 0_2_00CC06EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD46EA 0_2_00CD46EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBA6E5 0_2_00CBA6E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0C6E8 0_2_00D0C6E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAE69D 0_2_00DAE69D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D80688 0_2_00D80688
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C56690 0_2_00C56690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86690 0_2_00C86690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2868D 0_2_00E2868D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDE6BE 0_2_00CDE6BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE26A3 0_2_00DE26A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D44656 0_2_00D44656
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D04641 0_2_00D04641
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D42643 0_2_00D42643
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1264C 0_2_00D1264C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2E675 0_2_00D2E675
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C62670 0_2_00C62670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF0678 0_2_00CF0678
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1066D 0_2_00D1066D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBE617 0_2_00DBE617
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D88615 0_2_00D88615
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5C60A 0_2_00D5C60A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB4629 0_2_00CB4629
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7E7D6 0_2_00D7E7D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4A7DD 0_2_00D4A7DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCA7DE 0_2_00CCA7DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D567C7 0_2_00D567C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D707C1 0_2_00D707C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC87EB 0_2_00CC87EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEE7E7 0_2_00CEE7E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7A7E3 0_2_00D7A7E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB6799 0_2_00CB6799
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE879D 0_2_00CE879D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D62783 0_2_00D62783
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDC7AF 0_2_00CDC7AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C667A5 0_2_00C667A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D387B4 0_2_00D387B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC67BB 0_2_00DC67BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC67A4 0_2_00CC67A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEA7BF 0_2_00CEA7BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC27BF 0_2_00CC27BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD87B8 0_2_00CD87B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFC767 0_2_00CFC767
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C70717 0_2_00C70717
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEC716 0_2_00CEC716
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDA703 0_2_00DDA703
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D26732 0_2_00D26732
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D34736 0_2_00D34736
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C68731 0_2_00C68731
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D64721 0_2_00D64721
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2A8DC 0_2_00D2A8DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D208C6 0_2_00D208C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4E8C3 0_2_00D4E8C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8E8C2 0_2_00D8E8C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D908F7 0_2_00D908F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D408E5 0_2_00D408E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD68F1 0_2_00CD68F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4C896 0_2_00D4C896
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA2891 0_2_00DA2891
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB488F 0_2_00DB488F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D30886 0_2_00D30886
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3A888 0_2_00D3A888
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3288E 0_2_00D3288E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD6855 0_2_00DD6855
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5A85E 0_2_00D5A85E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC2853 0_2_00DC2853
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCE842 0_2_00DCE842
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D60877 0_2_00D60877
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB6878 0_2_00DB6878
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D02810 0_2_00D02810
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0080C 0_2_00D0080C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6E835 0_2_00D6E835
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9683C 0_2_00D9683C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBE9C9 0_2_00CBE9C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5A9EB 0_2_00E5A9EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD29CD 0_2_00DD29CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8A9CD 0_2_00D8A9CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9C9CE 0_2_00D9C9CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE49C9 0_2_00DE49C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D469CD 0_2_00D469CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF29EF 0_2_00CF29EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D829F2 0_2_00D829F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D409FA 0_2_00D409FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB89FB 0_2_00CB89FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBC989 0_2_00CBC989
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5C996 0_2_00D5C996
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF4985 0_2_00CF4985
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4299A 0_2_00D4299A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE098F 0_2_00DE098F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C58990 0_2_00C58990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA89BA 0_2_00DA89BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5A9BF 0_2_00D5A9BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D669B9 0_2_00D669B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0C944 0_2_00D0C944
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D86943 0_2_00D86943
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC6973 0_2_00EC6973
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB0976 0_2_00DB0976
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB497B 0_2_00CB497B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D18964 0_2_00D18964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7297F 0_2_00C7297F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCE973 0_2_00CCE973
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF690F 0_2_00CF690F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE290B 0_2_00CE290B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC8910 0_2_00DC8910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D78907 0_2_00D78907
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7C907 0_2_00D7C907
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D98908 0_2_00D98908
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB291D 0_2_00CB291D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDC90B 0_2_00DDC90B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D84930 0_2_00D84930
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5692C 0_2_00D5692C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD8ADD 0_2_00DD8ADD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CAC0 0_2_00C8CAC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D48AD9 0_2_00D48AD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D64ADB 0_2_00D64ADB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5EAC1 0_2_00D5EAC1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBAADD 0_2_00CBAADD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D08AF4 0_2_00D08AF4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D72AF2 0_2_00D72AF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB0AFD 0_2_00DB0AFD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D22AF5 0_2_00D22AF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBEA9F 0_2_00DBEA9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB0A93 0_2_00CB0A93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF0A93 0_2_00CF0A93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DECAB5 0_2_00DECAB5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE2AB2 0_2_00DE2AB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D54AA6 0_2_00D54AA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C64A40 0_2_00C64A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F00A77 0_2_00F00A77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6CA5B 0_2_00D6CA5B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5CA54 0_2_00C5CA54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D68A43 0_2_00D68A43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF8A54 0_2_00CF8A54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA6A44 0_2_00DA6A44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8CA7D 0_2_00D8CA7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4A6A 0_2_00CC4A6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DACA73 0_2_00DACA73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3CA07 0_2_00D3CA07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D00A06 0_2_00D00A06
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2CA38 0_2_00D2CA38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D12A3E 0_2_00D12A3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7EBD6 0_2_00D7EBD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D80BD4 0_2_00D80BD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D54BD8 0_2_00D54BD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBCBC9 0_2_00DBCBC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB4BFD 0_2_00DB4BFD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D44BFE 0_2_00D44BFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCCBFF 0_2_00CCCBFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D60BE0 0_2_00D60BE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9EBEE 0_2_00D9EBEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96BE1 0_2_00D96BE1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEEB87 0_2_00CEEB87
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA4B90 0_2_00DA4B90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D36B9F 0_2_00D36B9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54BA0 0_2_00C54BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0BA3 0_2_00CC0BA3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D88BA5 0_2_00D88BA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D62B55 0_2_00D62B55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD4B40 0_2_00CD4B40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6CB5A 0_2_00C6CB5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D94B7B 0_2_00D94B7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDCB64 0_2_00CDCB64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D26B60 0_2_00D26B60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCAB1C 0_2_00DCAB1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAEB18 0_2_00DAEB18
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC2B0C 0_2_00DC2B0C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D28B0C 0_2_00D28B0C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD0B30 0_2_00DD0B30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFCB3F 0_2_00CFCB3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC4CDC 0_2_00DC4CDC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4ACD3 0_2_00D4ACD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4ECDF 0_2_00D4ECDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE2CD6 0_2_00CE2CD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB2CE8 0_2_00CB2CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CCE0 0_2_00C8CCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBCCFE 0_2_00CBCCFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB8CF3 0_2_00CB8CF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFCCF6 0_2_00CFCCF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D32CE8 0_2_00D32CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C72CF8 0_2_00C72CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA0CE5 0_2_00DA0CE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE6C9D 0_2_00DE6C9D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D98C83 0_2_00D98C83
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD0C90 0_2_00CD0C90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D84CB8 0_2_00D84CB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4CAF 0_2_00CC4CAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE6CA9 0_2_00CE6CA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3ACA1 0_2_00D3ACA1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAAC5E 0_2_00DAAC5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C84C4D 0_2_00C84C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D90C4C 0_2_00D90C4C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1AC7C 0_2_00D1AC7C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD4C6C 0_2_00DD4C6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7AC60 0_2_00D7AC60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCEC16 0_2_00DCEC16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C68C1E 0_2_00C68C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1CC0A 0_2_00D1CC0A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D94C3B 0_2_00D94C3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D86C3B 0_2_00D86C3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE0C23 0_2_00CE0C23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D10C3E 0_2_00D10C3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D18C3E 0_2_00D18C3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC6C2C 0_2_00DC6C2C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA2C2D 0_2_00DA2C2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3CDF2 0_2_00D3CDF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3EDFB 0_2_00D3EDFB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE6DF9 0_2_00CE6DF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D92D8D 0_2_00D92D8D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC0D88 0_2_00DC0D88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBEDA8 0_2_00CBEDA8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBADAC 0_2_00DBADAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE2DB2 0_2_00CE2DB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCCD5C 0_2_00DCCD5C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCAD48 0_2_00CCAD48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D4CD45 0_2_00D4CD45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CD60 0_2_00C8CD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C74D70 0_2_00C74D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD2D66 0_2_00DD2D66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDCD1F 0_2_00DDCD1F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8ED3A 0_2_00D8ED3A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2EEDE 0_2_00D2EEDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1AEEC 0_2_00E1AEEC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D50EC8 0_2_00D50EC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC0EFC 0_2_00DC0EFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2CEE2 0_2_00D2CEE2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBEEFF 0_2_00CBEEFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5CEE0 0_2_00D5CEE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2EFA 0_2_00CC2EFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB0EF7 0_2_00CB0EF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D88E88 0_2_00D88E88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66E97 0_2_00C66E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D62E85 0_2_00D62E85
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C52EA0 0_2_00C52EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D00EBA 0_2_00D00EBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D40EBE 0_2_00D40EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C76EBE 0_2_00C76EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D30EAE 0_2_00D30EAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD0EA3 0_2_00DD0EA3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0E4A 0_2_00CC0E4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF8E42 0_2_00CF8E42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDAE42 0_2_00DDAE42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE8E66 0_2_00DE8E66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D06E69 0_2_00D06E69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DECE61 0_2_00DECE61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC8E0F 0_2_00CC8E0F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6AE00 0_2_00C6AE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CE00 0_2_00C8CE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB8E12 0_2_00DB8E12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CECE1E 0_2_00CECE1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D20E01 0_2_00D20E01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDEE06 0_2_00DDEE06
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D52E2D 0_2_00D52E2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE0FCD 0_2_00CE0FCD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFAFC2 0_2_00CFAFC2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEAFC0 0_2_00CEAFC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D22FC2 0_2_00D22FC2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D80FC3 0_2_00D80FC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE2FFE 0_2_00DE2FFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDCFEC 0_2_00CDCFEC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCAFF8 0_2_00DCAFF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF0FE4 0_2_00CF0FE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D28FE3 0_2_00D28FE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DAEFE8 0_2_00DAEFE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D66F9E 0_2_00D66F9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD6F93 0_2_00DD6F93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA4F95 0_2_00DA4F95
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7EF89 0_2_00D7EF89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C68FAD 0_2_00C68FAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D56FBA 0_2_00D56FBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7CFA6 0_2_00D7CFA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF2FB8 0_2_00CF2FB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D42F55 0_2_00D42F55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D82F4D 0_2_00D82F4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9EF41 0_2_00D9EF41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C78F5D 0_2_00C78F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D98F42 0_2_00D98F42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD8F6C 0_2_00CD8F6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D2AF70 0_2_00D2AF70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEEF77 0_2_00DEEF77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D32F79 0_2_00D32F79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD4F09 0_2_00CD4F09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3AF1B 0_2_00D3AF1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C64F08 0_2_00C64F08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D46F1B 0_2_00D46F1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB2F31 0_2_00DB2F31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5EF3A 0_2_00D5EF3A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6EF23 0_2_00D6EF23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6EF30 0_2_00C6EF30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0EF26 0_2_00D0EF26
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCEF36 0_2_00CCEF36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB6F27 0_2_00DB6F27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D590DC 0_2_00D590DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC30C2 0_2_00CC30C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5B0C2 0_2_00D5B0C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC90FA 0_2_00DC90FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1F0D3 0_2_00E1F0D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDF0FF 0_2_00CDF0FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6F0E0 0_2_00D6F0E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7B0EA 0_2_00D7B0EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D085 0_2_00C7D085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC7081 0_2_00DC7081
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D690B5 0_2_00D690B5
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00C64A30 appears 76 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00C58000 appears 55 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.997627865484429
Source: file.exe Static PE information: Section: xyjapqsh ZLIB complexity 0.9942076156859846
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80A6C CoCreateInstance, 0_2_00C80A6C
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe, 00000000.00000003.2085220224.0000000005F27000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085449890.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 39%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1895424 > 1048576
Source: file.exe Static PE information: Raw size of xyjapqsh is bigger than: 0x100000 < 0x1a6c00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.c50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xyjapqsh:EW;fjnsenoe:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xyjapqsh:EW;fjnsenoe:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1de5a6 should be: 0x1de476
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: xyjapqsh
Source: file.exe Static PE information: section name: fjnsenoe
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA92DC push 6E698301h; mov dword ptr [esp], esi 0_2_00CA9E4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA80CB push 4501FEACh; mov dword ptr [esp], edx 0_2_00CA9184
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA80CB push 6E698301h; mov dword ptr [esp], esi 0_2_00CA9E4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA80CB push ecx; mov dword ptr [esp], eax 0_2_00CA9EEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push ebp; mov dword ptr [esp], ecx 0_2_00DB45F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push eax; mov dword ptr [esp], ecx 0_2_00DB463A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push 321E79D0h; mov dword ptr [esp], edi 0_2_00DB470E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push 43461CBBh; mov dword ptr [esp], eax 0_2_00DB477C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push 380B79A4h; mov dword ptr [esp], ebx 0_2_00DB4799
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push ebx; mov dword ptr [esp], edi 0_2_00DB47C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push eax; mov dword ptr [esp], 00000000h 0_2_00DB47E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push ebx; mov dword ptr [esp], eax 0_2_00DB47FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB40D4 push 10D2F6F3h; mov dword ptr [esp], eax 0_2_00DB4821
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push 6A1A3047h; mov dword ptr [esp], edx 0_2_00CE4479
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push 49415445h; mov dword ptr [esp], eax 0_2_00CE44CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push 32671A53h; mov dword ptr [esp], edi 0_2_00CE4511
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push edi; mov dword ptr [esp], edx 0_2_00CE4539
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push 423F8820h; mov dword ptr [esp], edx 0_2_00CE456A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push 1F83E159h; mov dword ptr [esp], edx 0_2_00CE4575
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push ebp; mov dword ptr [esp], ebx 0_2_00CE4623
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE40D6 push ecx; mov dword ptr [esp], edi 0_2_00CE4666
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E340D7 push ecx; mov dword ptr [esp], edx 0_2_00E340E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E340D7 push ebp; mov dword ptr [esp], ecx 0_2_00E34170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2E0A5 push 2FFAD9BCh; mov dword ptr [esp], ecx 0_2_00E2E0ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push edx; mov dword ptr [esp], 5F04894Dh 0_2_00D96607
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push esi; mov dword ptr [esp], ebx 0_2_00D96615
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push 46F1CDCBh; mov dword ptr [esp], edx 0_2_00D966A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push ebp; mov dword ptr [esp], esi 0_2_00D966DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push 786C76A7h; mov dword ptr [esp], ebp 0_2_00D966FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push 7552DA3Ch; mov dword ptr [esp], edx 0_2_00D96744
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9608A push edi; mov dword ptr [esp], ebx 0_2_00D96792
Source: file.exe Static PE information: section name: entropy: 7.97823310420282
Source: file.exe Static PE information: section name: xyjapqsh entropy: 7.953197683807969

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation Jump to behavior
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA90B1 second address: CA90D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA90D2 second address: CA90D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E281F3 second address: E281F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E281F9 second address: E28201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2D3C1 second address: E2D3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F450CC4A606h 0x0000000c popad 0x0000000d jmp 00007F450CC4A60Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30954 second address: E30963 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30A20 second address: E30A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30A24 second address: E30A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30A2A second address: E30A51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jo 00007F450CC4A60Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30A51 second address: E30A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F450CC4AB1Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30A5D second address: E30ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 jmp 00007F450CC4A618h 0x0000000e pop eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F450CC4A608h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 jg 00007F450CC4A60Bh 0x0000002f lea ebx, dword ptr [ebp+1245B889h] 0x00000035 xchg eax, ebx 0x00000036 jmp 00007F450CC4A616h 0x0000003b push eax 0x0000003c push edi 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30ACD second address: E30AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30B70 second address: E30B95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30B95 second address: E30BAB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4AB1Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30BAB second address: E30C6B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b je 00007F450CC4A618h 0x00000011 pop eax 0x00000012 mov esi, dword ptr [ebp+122D29A5h] 0x00000018 mov edi, dword ptr [ebp+122D28A9h] 0x0000001e push 00000003h 0x00000020 mov ecx, dword ptr [ebp+122D2A75h] 0x00000026 mov dword ptr [ebp+122D1C03h], edi 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+122D2E22h], edi 0x00000034 push 00000003h 0x00000036 clc 0x00000037 push BF73C288h 0x0000003c jmp 00007F450CC4A610h 0x00000041 add dword ptr [esp], 008C3D78h 0x00000048 push 00000000h 0x0000004a push edi 0x0000004b call 00007F450CC4A608h 0x00000050 pop edi 0x00000051 mov dword ptr [esp+04h], edi 0x00000055 add dword ptr [esp+04h], 0000001Dh 0x0000005d inc edi 0x0000005e push edi 0x0000005f ret 0x00000060 pop edi 0x00000061 ret 0x00000062 lea ebx, dword ptr [ebp+1245B892h] 0x00000068 mov edx, 02DDB43Ah 0x0000006d xchg eax, ebx 0x0000006e push edi 0x0000006f jl 00007F450CC4A618h 0x00000075 jmp 00007F450CC4A612h 0x0000007a pop edi 0x0000007b push eax 0x0000007c jng 00007F450CC4A614h 0x00000082 pushad 0x00000083 jg 00007F450CC4A606h 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30D05 second address: E30D2D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, D5E0h 0x00000012 push 00000000h 0x00000014 mov esi, dword ptr [ebp+122D2AF9h] 0x0000001a call 00007F450CC4AB19h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push esi 0x00000023 pop esi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30D2D second address: E30D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30D36 second address: E30D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F450CC4AB16h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F450CC4AB24h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push edi 0x00000017 jc 00007F450CC4AB24h 0x0000001d jmp 00007F450CC4AB1Eh 0x00000022 pop edi 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30D78 second address: E30D86 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F450CC4A606h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4EC84 second address: E4EC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F450CC4AB16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4EC8F second address: E4EC94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4EC94 second address: E4EC9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F243 second address: E4F273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F450CC4A617h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 jng 00007F450CC4A612h 0x00000016 jo 00007F450CC4A606h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F273 second address: E4F292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F450CC4AB1Bh 0x0000000b jmp 00007F450CC4AB1Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F411 second address: E4F41D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F56D second address: E4F573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F573 second address: E4F5B1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jo 00007F450CC4A606h 0x00000016 jmp 00007F450CC4A60Dh 0x0000001b jmp 00007F450CC4A615h 0x00000020 popad 0x00000021 pushad 0x00000022 push edx 0x00000023 pop edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F727 second address: E4F72D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F8AF second address: E4F8C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F450CC4A608h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4F8C2 second address: E4F8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F450CC4AB16h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1AA3F second address: E1AA48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1AA48 second address: E1AA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1AA4D second address: E1AA75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A60Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E50578 second address: E5059E instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4AB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F450CC4AB24h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5059E second address: E505A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E505A2 second address: E505E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F450CC4AB1Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d ja 00007F450CC4AB48h 0x00000013 jmp 00007F450CC4AB1Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F450CC4AB26h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E505E0 second address: E505EA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E50C9F second address: E50CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB27h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5AE1D second address: E5AE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jnc 00007F450CC4A606h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5B115 second address: E5B11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5B11A second address: E5B152 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F450CC4A623h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c jp 00007F450CC4A606h 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5B152 second address: E5B156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5B2A3 second address: E5B2A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5B2A9 second address: E5B2C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB1Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D11E second address: E5D124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D124 second address: E5D128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D773 second address: E5D777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D859 second address: E5D85D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D94F second address: E5D973 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A619h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5D9E3 second address: E5DA03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4AB1Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5EB2F second address: E5EB60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A617h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5EB60 second address: E5EBF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F450CC4AB18h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 movsx edi, si 0x00000028 mov edi, dword ptr [ebp+122D1B19h] 0x0000002e push 00000000h 0x00000030 and edi, dword ptr [ebp+122D2969h] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007F450CC4AB18h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 00000018h 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 mov esi, dword ptr [ebp+122D26D0h] 0x00000058 mov esi, dword ptr [ebp+122D29D5h] 0x0000005e xchg eax, ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F450CC4AB26h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5FC65 second address: E5FCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007F450CC4A61Ah 0x0000000b popad 0x0000000c nop 0x0000000d pushad 0x0000000e mov eax, dword ptr [ebp+1247F65Bh] 0x00000014 sub edx, dword ptr [ebp+122D3219h] 0x0000001a popad 0x0000001b push 00000000h 0x0000001d mov di, dx 0x00000020 push 00000000h 0x00000022 jl 00007F450CC4A60Ch 0x00000028 jmp 00007F450CC4A60Fh 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edi 0x00000032 pop edi 0x00000033 pop eax 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E60462 second address: E60481 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4AB25h 0x00000008 jmp 00007F450CC4AB1Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C42 second address: E61C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E60F9A second address: E60F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C48 second address: E61C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A612h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E60F9E second address: E60FAC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C5E second address: E61C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E60FAC second address: E60FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C62 second address: E61C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4A617h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C85 second address: E61C9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F450CC4AB21h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61C9E second address: E61D01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A613h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F450CC4A608h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov esi, dword ptr [ebp+122D205Fh] 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e mov dword ptr [ebp+122D2195h], edx 0x00000034 pop esi 0x00000035 add di, F52Ch 0x0000003a push 00000000h 0x0000003c sub edi, dword ptr [ebp+122D297Dh] 0x00000042 mov esi, 4EA567A9h 0x00000047 push eax 0x00000048 pushad 0x00000049 je 00007F450CC4A60Ch 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E667DA second address: E667DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E677E0 second address: E677EE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E677EE second address: E677F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E677F2 second address: E67856 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F450CC4A608h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bx, si 0x0000002a push 00000000h 0x0000002c and bl, 0000002Eh 0x0000002f push 00000000h 0x00000031 or edi, dword ptr [ebp+122D2E28h] 0x00000037 jmp 00007F450CC4A616h 0x0000003c xchg eax, esi 0x0000003d jbe 00007F450CC4A61Ch 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 pop ebx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E686CF second address: E686D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E679C1 second address: E679DF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007F450CC4A606h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F450CC4A60Bh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E679DF second address: E679E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F450CC4AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E688E7 second address: E688ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E695E5 second address: E695E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E679E9 second address: E67A76 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+122D233Eh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F450CC4A608h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b pushad 0x0000003c jbe 00007F450CC4A606h 0x00000042 movsx eax, cx 0x00000045 popad 0x00000046 mov eax, dword ptr [ebp+122D0B9Dh] 0x0000004c add dword ptr [ebp+122D2730h], esi 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push eax 0x00000057 call 00007F450CC4A608h 0x0000005c pop eax 0x0000005d mov dword ptr [esp+04h], eax 0x00000061 add dword ptr [esp+04h], 0000001Dh 0x00000069 inc eax 0x0000006a push eax 0x0000006b ret 0x0000006c pop eax 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122DB252h] 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E695E9 second address: E695EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E67A76 second address: E67A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E68987 second address: E6898C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E695EF second address: E695F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E67A7A second address: E67A80 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E67A80 second address: E67A8A instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6975E second address: E6978B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB24h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6B522 second address: E6B526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C5D1 second address: E6C5F5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4AB27h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C5F5 second address: E6C5FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A6AA second address: E6A6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C5FA second address: E6C67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F450CC4A606h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e movsx ebx, di 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F450CC4A608h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1A0Ch], edx 0x00000033 jmp 00007F450CC4A60Fh 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b jnp 00007F450CC4A609h 0x00000041 pop ebx 0x00000042 xchg eax, esi 0x00000043 jmp 00007F450CC4A60Ch 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c jmp 00007F450CC4A616h 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A6B3 second address: E6A6D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007F450CC4AB16h 0x00000015 jmp 00007F450CC4AB1Eh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C67D second address: E6C682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A6D7 second address: E6A6DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A6DD second address: E6A6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A6E1 second address: E6A6E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6D7E8 second address: E6D7FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A611h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A794 second address: E6A7A2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E70804 second address: E70818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4A60Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E70818 second address: E70893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F450CC4AB21h 0x0000000d nop 0x0000000e mov ebx, dword ptr [ebp+122D1AA2h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F450CC4AB18h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov ebx, dword ptr [ebp+122D2A89h] 0x00000038 xchg eax, esi 0x00000039 jl 00007F450CC4AB20h 0x0000003f pushad 0x00000040 jo 00007F450CC4AB16h 0x00000046 push edx 0x00000047 pop edx 0x00000048 popad 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jno 00007F450CC4AB16h 0x00000053 jmp 00007F450CC4AB22h 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E70893 second address: E7089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7089D second address: E708A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E718BD second address: E71908 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a add bx, 371Ah 0x0000000f push 00000000h 0x00000011 mov ebx, 1C91E7DDh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F450CC4A608h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 cmc 0x00000033 push eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F450CC4A610h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E729E4 second address: E729F5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E729F5 second address: E72A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6E8B0 second address: E6E8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6E8B5 second address: E6E8BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E748EC second address: E748F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E748F1 second address: E748F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6E8BB second address: E6E8C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6E8C8 second address: E6E8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75907 second address: E759B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F450CC4AB18h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 jmp 00007F450CC4AB28h 0x00000028 and ebx, 7EFE7F4Dh 0x0000002e push 00000000h 0x00000030 sub dword ptr [ebp+122D2EC5h], eax 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F450CC4AB18h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 or dword ptr [ebp+122D2CD4h], edi 0x00000058 xchg eax, esi 0x00000059 pushad 0x0000005a jmp 00007F450CC4AB27h 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F450CC4AB21h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6F983 second address: E6F9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A612h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6F9A1 second address: E6F9A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7969F second address: E796C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A610h 0x00000009 jmp 00007F450CC4A611h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7A0FC second address: E7A102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7E5F0 second address: E7E60F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F450CC4A615h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7EA35 second address: E7EA40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F450CC4AB16h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7EA40 second address: E7EA51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7EA51 second address: E7EA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F450CC4AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E70A4C second address: E70A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71A59 second address: E71A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71A5D second address: E71A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71A6C second address: E71A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71A71 second address: E71A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71B29 second address: E71B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71B2D second address: E71B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71B33 second address: E71B44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4AB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E72BB1 second address: E72BBB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E73A4A second address: E73A51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75AF8 second address: E75AFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75AFD second address: E75B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB26h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E851C6 second address: E851D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C7D5 second address: E8C7DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C7DF second address: E8C7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8B500 second address: E8B516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F450CC4AB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jc 00007F450CC4AB16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BD7E second address: E8BD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BD84 second address: E8BD8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BD8A second address: E8BD8F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BD8F second address: E8BD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BD9A second address: E8BD9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8BF3F second address: E8BF5A instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4AB22h 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C0C0 second address: E8C0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F450CC4A606h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C0CD second address: E8C0DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C0DE second address: E8C0F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A611h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8C0F5 second address: E8C0F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E92C0A second address: E92C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jno 00007F450CC4A606h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E919D4 second address: E919FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Fh 0x00000007 jmp 00007F450CC4AB20h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E91B7C second address: E91B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E91B81 second address: E91B86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E91B86 second address: E91B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E92496 second address: E9249A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9249A second address: E9249E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9249E second address: E924C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F450CC4AB1Ch 0x0000000e je 00007F450CC4AB16h 0x00000014 js 00007F450CC4AB22h 0x0000001a jl 00007F450CC4AB16h 0x00000020 jng 00007F450CC4AB16h 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E924C8 second address: E924CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E95832 second address: E95836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E95836 second address: E95842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F450CC4A606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E95842 second address: E95847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E95847 second address: E9585B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jbe 00007F450CC4A60Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1FC14 second address: E1FC38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F450CC4AB2Bh 0x0000000b jmp 00007F450CC4AB25h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1FC38 second address: E1FC42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1FC42 second address: E1FC46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1FC46 second address: E1FC77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F450CC4A614h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F450CC4A612h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FAAA second address: E9FAC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F450CC4AB1Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FAC0 second address: E9FAC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FAC5 second address: E9FAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB29h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FC1D second address: E9FC2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F450CC4A60Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FD80 second address: E9FD9C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F450CC4AB24h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FD9C second address: E9FDA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9FDA0 second address: E9FDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA00A3 second address: EA00A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA00A7 second address: EA00D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F450CC4AB1Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F450CC4AB1Eh 0x00000011 jg 00007F450CC4AB16h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a jc 00007F450CC4AB59h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 jns 00007F450CC4AB16h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4605A second address: E4606B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4606B second address: E4606F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4606F second address: E46079 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E46079 second address: E4608F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB22h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4608F second address: E46093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E46093 second address: E460A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d jl 00007F450CC4AB16h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E460A7 second address: E460AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E460AD second address: E460B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E460B3 second address: E460B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E460B7 second address: E460BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA09A0 second address: EA09C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4A617h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA09C6 second address: EA09CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA09CE second address: EA09D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA09D5 second address: EA09DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9F1F3 second address: E9F1F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA4391 second address: EA43BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F450CC4AB1Fh 0x0000000e jmp 00007F450CC4AB22h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA43BB second address: EA43C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA43C3 second address: EA43D3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4AB22h 0x00000008 jnp 00007F450CC4AB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E643FA second address: E64400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E648C4 second address: E648D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E648D7 second address: E648FA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b jmp 00007F450CC4A616h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E64A10 second address: E64A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E64A15 second address: E64A1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E64B9B second address: E64BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F450CC4AB16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E64C7E second address: E64C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6517E second address: E6519E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB20h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E652AD second address: E652C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E652C8 second address: E652E6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F450CC4AB1Eh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F450CC4AB16h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6559B second address: E6565D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F450CC4A619h 0x00000010 popad 0x00000011 pop edx 0x00000012 nop 0x00000013 or dx, C629h 0x00000018 lea eax, dword ptr [ebp+1248F021h] 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F450CC4A608h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 pushad 0x00000039 jmp 00007F450CC4A616h 0x0000003e popad 0x0000003f jns 00007F450CC4A620h 0x00000045 nop 0x00000046 je 00007F450CC4A60Eh 0x0000004c push edi 0x0000004d jbe 00007F450CC4A606h 0x00000053 pop edi 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 jmp 00007F450CC4A619h 0x0000005d jns 00007F450CC4A606h 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6565D second address: E4605A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F450CC4AB18h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov dx, bx 0x00000027 call dword ptr [ebp+122D1A5Bh] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F450CC4AB1Eh 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA76EC second address: EA76F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA76F2 second address: EA7712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F450CC4AB16h 0x0000000a popad 0x0000000b jmp 00007F450CC4AB25h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA7297 second address: EA72CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F450CC4A612h 0x00000008 pop ecx 0x00000009 je 00007F450CC4A619h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F450CC4A611h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA72CE second address: EA72D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA72D2 second address: EA72E6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F450CC4A60Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA72E6 second address: EA72EB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA741D second address: EA7421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E29 second address: EA9E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB22h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E3F second address: EA9E43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E43 second address: EA9E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E4B second address: EA9E56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F450CC4A606h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E56 second address: EA9E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E67 second address: EA9E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jne 00007F450CC4A606h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA9E8D second address: EA9E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB1Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAA132 second address: EAA178 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jmp 00007F450CC4A60Bh 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F450CC4A619h 0x0000001b popad 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4A60Ah 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EADAAA second address: EADAB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EADAB1 second address: EADAD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A613h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F450CC4A60Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EADD73 second address: EADD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAE02E second address: EAE048 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A606h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F450CC4A60Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB15A9 second address: EB15AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB15AF second address: EB15D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 jmp 00007F450CC4A611h 0x0000000d jng 00007F450CC4A606h 0x00000013 pop eax 0x00000014 jp 00007F450CC4A60Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1722 second address: EB1735 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Eh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1AE3 second address: EB1B05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F450CC4A618h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1B05 second address: EB1B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB28h 0x00000010 jmp 00007F450CC4AB1Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1B33 second address: EB1B3D instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1CB7 second address: EB1CC1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F450CC4AB1Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1CC1 second address: EB1CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F450CC4A611h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1CDC second address: EB1CF2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F450CC4AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F450CC4AB16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1CF2 second address: EB1D0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A615h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1D0B second address: EB1D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB68DD second address: EB68E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB68E1 second address: EB68E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB68E7 second address: EB68F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB68F2 second address: EB68F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6A58 second address: EB6A62 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6A62 second address: EB6A7C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F450CC4AB24h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6A7C second address: EB6A86 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB74A8 second address: EB74C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB74C3 second address: EB74C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB74C7 second address: EB74CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E15A85 second address: E15A9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A612h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E15A9B second address: E15AAC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E15AAC second address: E15AD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F450CC4A611h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F450CC4A60Eh 0x00000010 jp 00007F450CC4A60Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC116D second address: EC1173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC1173 second address: EC1182 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC1182 second address: EC11AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F450CC4AB16h 0x0000000a jg 00007F450CC4AB16h 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4AB27h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC11AD second address: EC11B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F450CC4A606h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC11B9 second address: EC11BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC17B5 second address: EC17BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC17BA second address: EC17BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC17BF second address: EC17C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC17C5 second address: EC17CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC1FCE second address: EC1FF0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007F450CC4A606h 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007F450CC4A60Dh 0x00000012 jp 00007F450CC4A606h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC79FE second address: EC7A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC7A02 second address: EC7A1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC911B second address: EC9121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC59C second address: ECC5BD instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F450CC4A612h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC5BD second address: ECC5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC5C3 second address: ECC5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F450CC4A606h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC5CE second address: ECC5D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC5D4 second address: ECC5D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECC716 second address: ECC72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4AB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECCB65 second address: ECCB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F450CC4A60Eh 0x00000011 jno 00007F450CC4A606h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3B3E second address: ED3B49 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3CA1 second address: ED3CAD instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3CAD second address: ED3CD6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnc 00007F450CC4AB16h 0x00000009 jmp 00007F450CC4AB27h 0x0000000e pop ecx 0x0000000f jnp 00007F450CC4AB22h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3CD6 second address: ED3CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3E39 second address: ED3E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3E3E second address: ED3E5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED3E5E second address: ED3E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED413E second address: ED414E instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A606h 0x00000008 jp 00007F450CC4A606h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED414E second address: ED4168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F450CC4AB16h 0x0000000a jmp 00007F450CC4AB20h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE0370 second address: EE0374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE0069 second address: EE0072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE0072 second address: EE0099 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A612h 0x00000007 jp 00007F450CC4A608h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F450CC4A606h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE0099 second address: EE009D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE009D second address: EE00A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE00A7 second address: EE00AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB651 second address: EEB669 instructions: 0x00000000 rdtsc 0x00000002 js 00007F450CC4A612h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F450CC4A60Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB669 second address: EEB6A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB20h 0x00000007 jo 00007F450CC4AB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jne 00007F450CC4AB16h 0x0000001a jg 00007F450CC4AB16h 0x00000020 push eax 0x00000021 pop eax 0x00000022 jo 00007F450CC4AB16h 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d push esi 0x0000002e pop esi 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB6A3 second address: EEB6B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A610h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB6B7 second address: EEB6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB6BD second address: EEB6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EED256 second address: EED25A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EED25A second address: EED25E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EED25E second address: EED26F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 je 00007F450CC4AB16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F046F5 second address: F046F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F046F9 second address: F046FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F046FF second address: F04705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04705 second address: F0470D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0470D second address: F04711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F05FBD second address: F05FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0A18A second address: F0A196 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F450CC4A606h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0A196 second address: F0A19C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0AA92 second address: F0AABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 jmp 00007F450CC4A619h 0x0000000e pop ecx 0x0000000f jo 00007F450CC4A614h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1DBD9 second address: F1DBDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1DBDF second address: F1DBE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1DBE3 second address: F1DBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1C2AF second address: F1C2B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1C2B3 second address: F1C2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2C06A second address: F2C0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F450CC4A614h 0x0000000e jl 00007F450CC4A624h 0x00000014 jmp 00007F450CC4A618h 0x00000019 jne 00007F450CC4A606h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BF2D second address: F2BF32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F301E5 second address: F301F1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F450CC4A60Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2FF19 second address: F2FF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1E0C6 second address: E1E0F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F450CC4A617h 0x00000009 jmp 00007F450CC4A60Fh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F44528 second address: F4452C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4452C second address: F44532 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4491E second address: F4492A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F47E29 second address: F47E33 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F450CC4A60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F47E33 second address: F47E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F48139 second address: F48143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F450CC4A606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F48143 second address: F48147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F48438 second address: F4845B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F450CC4A60Ch 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F450CC4A608h 0x0000001a push eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4963A second address: F4963E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4963E second address: F49644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F49644 second address: F4964D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4CDA7 second address: F4CDB1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F450CC4A606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5FAA6 second address: E5FABF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D0314 second address: 55D0319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D0319 second address: 55D032A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D032A second address: 55D03B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push ecx 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A613h 0x00000014 or ax, D4BEh 0x00000019 jmp 00007F450CC4A619h 0x0000001e popfd 0x0000001f pop eax 0x00000020 pushfd 0x00000021 jmp 00007F450CC4A611h 0x00000026 and cx, BEF6h 0x0000002b jmp 00007F450CC4A611h 0x00000030 popfd 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 pushad 0x00000035 movzx ecx, di 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F450CC4A60Fh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D03B9 second address: 55D03F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov edx, dword ptr [ebp+0Ch] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F450CC4AB27h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D03F2 second address: 55D040A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A614h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D040A second address: 55D040E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0694 second address: 55F0698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0698 second address: 55F069C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F069C second address: 55F06A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F06A2 second address: 55F06EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F450CC4AB22h 0x00000008 pop ecx 0x00000009 mov edx, 3AF94276h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F450CC4AB1Ch 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F450CC4AB20h 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F450CC4AB1Ah 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F06EE second address: 55F06FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F06FD second address: 55F0703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0703 second address: 55F0707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0707 second address: 55F074E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F450CC4AB1Ch 0x0000000e mov dword ptr [esp], ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov al, bh 0x00000016 pushfd 0x00000017 jmp 00007F450CC4AB26h 0x0000001c or ecx, 16464B88h 0x00000022 jmp 00007F450CC4AB1Bh 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F074E second address: 55F0754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0754 second address: 55F0758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0758 second address: 55F0791 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F450CC4A616h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4A60Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0791 second address: 55F0797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0797 second address: 55F07C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F450CC4A619h 0x0000000e lea eax, dword ptr [ebp-04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F07C1 second address: 55F07F5 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 4764CAB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F450CC4AB22h 0x0000000e popad 0x0000000f nop 0x00000010 jmp 00007F450CC4AB20h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F07F5 second address: 55F0811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0811 second address: 55F0838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4AB25h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0838 second address: 55F083E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F098B second address: 55F0991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0991 second address: 55F0995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0995 second address: 55F0010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0004h 0x0000000e nop 0x0000000f sub esp, 04h 0x00000012 xor ebx, ebx 0x00000014 cmp eax, 00000000h 0x00000017 je 00007F450CC4AC63h 0x0000001d xor eax, eax 0x0000001f mov dword ptr [esp], 00000000h 0x00000026 mov dword ptr [esp+04h], 00000000h 0x0000002e call 00007F45115B90ABh 0x00000033 mov edi, edi 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F450CC4AB1Ah 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0010 second address: 55F0014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0014 second address: 55F001A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F001A second address: 55F00DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov esi, 3A891D3Dh 0x00000010 push esi 0x00000011 pushfd 0x00000012 jmp 00007F450CC4A619h 0x00000017 or si, 0206h 0x0000001c jmp 00007F450CC4A611h 0x00000021 popfd 0x00000022 pop ecx 0x00000023 popad 0x00000024 push eax 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F450CC4A60Ch 0x0000002c sub cx, 10A8h 0x00000031 jmp 00007F450CC4A60Bh 0x00000036 popfd 0x00000037 jmp 00007F450CC4A618h 0x0000003c popad 0x0000003d xchg eax, ebp 0x0000003e jmp 00007F450CC4A610h 0x00000043 mov ebp, esp 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 pushfd 0x00000049 jmp 00007F450CC4A60Dh 0x0000004e sub ah, 00000026h 0x00000051 jmp 00007F450CC4A611h 0x00000056 popfd 0x00000057 pushad 0x00000058 popad 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F00DC second address: 55F00E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F00E2 second address: 55F0134 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push FFFFFFFEh 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A60Ch 0x00000014 sbb cl, 00000028h 0x00000017 jmp 00007F450CC4A60Bh 0x0000001c popfd 0x0000001d mov ax, F31Fh 0x00000021 popad 0x00000022 call 00007F450CC4A609h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0134 second address: 55F0169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F450CC4AB1Fh 0x00000008 pop esi 0x00000009 jmp 00007F450CC4AB29h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov eax, ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0169 second address: 55F016D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F016D second address: 55F0178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 mov bl, 02h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0178 second address: 55F0195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F450CC4A60Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0195 second address: 55F0199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0199 second address: 55F019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F019F second address: 55F01C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 5DF2F8B7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007F450CC4AB1Dh 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movzx esi, dx 0x0000001e mov ch, bl 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F01C8 second address: 55F01D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F01D8 second address: 55F0264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 jmp 00007F450CC4AB27h 0x0000000e push 56933E39h 0x00000013 jmp 00007F450CC4AB1Fh 0x00000018 xor dword ptr [esp], 233A1549h 0x0000001f jmp 00007F450CC4AB26h 0x00000024 mov eax, dword ptr fs:[00000000h] 0x0000002a pushad 0x0000002b mov al, A8h 0x0000002d mov eax, edi 0x0000002f popad 0x00000030 push ebx 0x00000031 jmp 00007F450CC4AB22h 0x00000036 mov dword ptr [esp], eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F450CC4AB27h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0264 second address: 55F027A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 mov bx, B546h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub esp, 18h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F027A second address: 55F027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F027E second address: 55F0284 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0284 second address: 55F0342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F450CC4AB1Eh 0x0000000f push eax 0x00000010 jmp 00007F450CC4AB1Bh 0x00000015 xchg eax, ebx 0x00000016 pushad 0x00000017 jmp 00007F450CC4AB24h 0x0000001c jmp 00007F450CC4AB22h 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F450CC4AB1Eh 0x0000002a sub cx, 19D8h 0x0000002f jmp 00007F450CC4AB1Bh 0x00000034 popfd 0x00000035 push eax 0x00000036 pushfd 0x00000037 jmp 00007F450CC4AB1Fh 0x0000003c adc esi, 00C5DC9Eh 0x00000042 jmp 00007F450CC4AB29h 0x00000047 popfd 0x00000048 pop esi 0x00000049 popad 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F450CC4AB1Dh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0342 second address: 55F03E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, C6h 0x00000005 mov edi, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b pushad 0x0000000c mov di, cx 0x0000000f pushfd 0x00000010 jmp 00007F450CC4A60Ch 0x00000015 and eax, 18A508F8h 0x0000001b jmp 00007F450CC4A60Bh 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 jmp 00007F450CC4A616h 0x00000028 push eax 0x00000029 jmp 00007F450CC4A60Bh 0x0000002e xchg eax, edi 0x0000002f jmp 00007F450CC4A616h 0x00000034 mov eax, dword ptr [75AF4538h] 0x00000039 jmp 00007F450CC4A610h 0x0000003e xor dword ptr [ebp-08h], eax 0x00000041 pushad 0x00000042 pushfd 0x00000043 jmp 00007F450CC4A60Eh 0x00000048 xor cl, 00000018h 0x0000004b jmp 00007F450CC4A60Bh 0x00000050 popfd 0x00000051 push eax 0x00000052 push edx 0x00000053 movzx esi, bx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F03E7 second address: 55F041E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4AB1Bh 0x00000008 sbb esi, 42A78CDEh 0x0000000e jmp 00007F450CC4AB29h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xor eax, ebp 0x00000019 pushad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F041E second address: 55F046F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F450CC4A60Eh 0x0000000c push eax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F450CC4A611h 0x00000014 xor ch, 00000076h 0x00000017 jmp 00007F450CC4A611h 0x0000001c popfd 0x0000001d push eax 0x0000001e mov cx, di 0x00000021 pop edx 0x00000022 popad 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov edi, 00C29DD6h 0x0000002c mov si, dx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F046F second address: 55F04BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, EFh 0x00000005 mov dh, 28h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a lea eax, dword ptr [ebp-10h] 0x0000000d pushad 0x0000000e push esi 0x0000000f pushfd 0x00000010 jmp 00007F450CC4AB1Fh 0x00000015 sbb ch, 0000000Eh 0x00000018 jmp 00007F450CC4AB29h 0x0000001d popfd 0x0000001e pop esi 0x0000001f mov ebx, 45062004h 0x00000024 popad 0x00000025 mov dword ptr fs:[00000000h], eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F04BE second address: 55F04C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F04C4 second address: 55F0598 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 or cx, 91F6h 0x0000000e jmp 00007F450CC4AB21h 0x00000013 popfd 0x00000014 call 00007F450CC4AB20h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [ebp-18h], esp 0x00000020 jmp 00007F450CC4AB21h 0x00000025 mov eax, dword ptr fs:[00000018h] 0x0000002b jmp 00007F450CC4AB1Eh 0x00000030 mov ecx, dword ptr [eax+00000FDCh] 0x00000036 jmp 00007F450CC4AB20h 0x0000003b test ecx, ecx 0x0000003d pushad 0x0000003e pushfd 0x0000003f jmp 00007F450CC4AB1Eh 0x00000044 jmp 00007F450CC4AB25h 0x00000049 popfd 0x0000004a pushad 0x0000004b mov di, ax 0x0000004e mov ah, 28h 0x00000050 popad 0x00000051 popad 0x00000052 jns 00007F450CC4AB77h 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F450CC4AB1Eh 0x00000061 sbb al, 00000068h 0x00000064 jmp 00007F450CC4AB1Bh 0x00000069 popfd 0x0000006a mov edx, esi 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0598 second address: 55F05AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A610h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F05AC second address: 55F0603 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d jmp 00007F450CC4AB26h 0x00000012 mov ecx, dword ptr [ebp+08h] 0x00000015 jmp 00007F450CC4AB20h 0x0000001a test ecx, ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F450CC4AB27h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0010 second address: 55E00AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F450CC4A616h 0x0000000f push eax 0x00000010 pushad 0x00000011 movsx edx, si 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 pushfd 0x00000018 jmp 00007F450CC4A616h 0x0000001d or ecx, 2F725958h 0x00000023 jmp 00007F450CC4A60Bh 0x00000028 popfd 0x00000029 popad 0x0000002a popad 0x0000002b xchg eax, ebp 0x0000002c jmp 00007F450CC4A616h 0x00000031 mov ebp, esp 0x00000033 jmp 00007F450CC4A610h 0x00000038 sub esp, 2Ch 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F450CC4A617h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E00AE second address: 55E00D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 1DC0733Ah 0x00000008 push ebx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F450CC4AB1Fh 0x00000016 pop esi 0x00000017 mov dh, 63h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0196 second address: 55E01A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E01A9 second address: 55E01AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E01AD second address: 55E01C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F450CC4A610h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E01C9 second address: 55E0216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F450CC4ACA8h 0x0000000f pushad 0x00000010 movzx eax, di 0x00000013 pushfd 0x00000014 jmp 00007F450CC4AB21h 0x00000019 sbb ecx, 51758D66h 0x0000001f jmp 00007F450CC4AB21h 0x00000024 popfd 0x00000025 popad 0x00000026 lea ecx, dword ptr [ebp-14h] 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0216 second address: 55E021C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E021C second address: 55E0245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 5687h 0x00000007 mov ecx, 222ED423h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F450CC4AB25h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0274 second address: 55E0278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0278 second address: 55E027C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E027C second address: 55E0282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0282 second address: 55E02C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F450CC4AB1Bh 0x0000000f nop 0x00000010 pushad 0x00000011 jmp 00007F450CC4AB24h 0x00000016 push eax 0x00000017 push edx 0x00000018 mov ah, 2Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E02EB second address: 55E038C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4A60Fh 0x00000009 adc si, B82Eh 0x0000000e jmp 00007F450CC4A619h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jg 00007F457D108772h 0x0000001d jmp 00007F450CC4A60Dh 0x00000022 js 00007F450CC4A63Dh 0x00000028 jmp 00007F450CC4A60Eh 0x0000002d cmp dword ptr [ebp-14h], edi 0x00000030 jmp 00007F450CC4A610h 0x00000035 jne 00007F457D108747h 0x0000003b jmp 00007F450CC4A610h 0x00000040 mov ebx, dword ptr [ebp+08h] 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F450CC4A617h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E038C second address: 55E03C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, BEh 0x00000011 jmp 00007F450CC4AB24h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E03C6 second address: 55E03EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F450CC4A612h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E03EB second address: 55E048D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4AB22h 0x00000008 jmp 00007F450CC4AB25h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 mov ax, E53Dh 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b pushad 0x0000001c call 00007F450CC4AB22h 0x00000021 mov esi, 57193CE1h 0x00000026 pop esi 0x00000027 mov dl, 60h 0x00000029 popad 0x0000002a xchg eax, esi 0x0000002b pushad 0x0000002c jmp 00007F450CC4AB24h 0x00000031 pushfd 0x00000032 jmp 00007F450CC4AB22h 0x00000037 xor al, FFFFFFD8h 0x0000003a jmp 00007F450CC4AB1Bh 0x0000003f popfd 0x00000040 popad 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F450CC4AB20h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E048D second address: 55E0493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0493 second address: 55E0499 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0499 second address: 55E049D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E049D second address: 55E04C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E04C2 second address: 55E04C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E04C8 second address: 55E0518 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB25h 0x00000009 xor ecx, 50100636h 0x0000000f jmp 00007F450CC4AB21h 0x00000014 popfd 0x00000015 mov bx, cx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4AB24h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0518 second address: 55E051E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E051E second address: 55E052F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4AB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E052F second address: 55E054B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F450CC4A60Ah 0x0000000e mov dword ptr [esp], ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E054B second address: 55E054F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E054F second address: 55E0555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D0DD5 second address: 55D0E84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F450CC4AB1Fh 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 jmp 00007F450CC4AB20h 0x00000015 call 00007F450CC4AB22h 0x0000001a call 00007F450CC4AB22h 0x0000001f pop ecx 0x00000020 pop edi 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F450CC4AB21h 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a jmp 00007F450CC4AB1Ch 0x0000002f pushfd 0x00000030 jmp 00007F450CC4AB22h 0x00000035 or cx, 4328h 0x0000003a jmp 00007F450CC4AB1Bh 0x0000003f popfd 0x00000040 popad 0x00000041 mov ebp, esp 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F450CC4AB25h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0A31 second address: 55E0A67 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F450CC4A60Bh 0x00000008 and ax, 0ADEh 0x0000000d jmp 00007F450CC4A619h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0A67 second address: 55E0A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0A6D second address: 55E0A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0A72 second address: 55E0AAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 pushfd 0x00000006 jmp 00007F450CC4AB21h 0x0000000b xor ecx, 3ECC03C6h 0x00000011 jmp 00007F450CC4AB21h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0AAB second address: 55E0AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0AAF second address: 55E0AC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0AC2 second address: 55E0ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F450CC4A614h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0ADA second address: 55E0B5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 pushfd 0x00000012 jmp 00007F450CC4AB1Eh 0x00000017 xor si, 8128h 0x0000001c jmp 00007F450CC4AB1Bh 0x00000021 popfd 0x00000022 popad 0x00000023 call 00007F450CC4AB28h 0x00000028 mov edx, esi 0x0000002a pop ecx 0x0000002b popad 0x0000002c cmp dword ptr [75AF459Ch], 05h 0x00000033 jmp 00007F450CC4AB1Dh 0x00000038 je 00007F457D0F89D3h 0x0000003e pushad 0x0000003f call 00007F450CC4AB1Ch 0x00000044 mov bx, ax 0x00000047 pop ecx 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0B5C second address: 55E0B93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F450CC4A611h 0x00000010 xor eax, 3FD3EC06h 0x00000016 jmp 00007F450CC4A611h 0x0000001b popfd 0x0000001c mov ch, ABh 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0BF6 second address: 55E0C83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F450CC4AB27h 0x00000009 add eax, 29243AAEh 0x0000000f jmp 00007F450CC4AB29h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F450CC4AB20h 0x0000001b add cx, 5428h 0x00000020 jmp 00007F450CC4AB1Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 mov eax, dword ptr [esp+04h] 0x0000002d jmp 00007F450CC4AB29h 0x00000032 mov eax, dword ptr [eax] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F450CC4AB1Ch 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0D12 second address: 55E0D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0D16 second address: 55E0D1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0D1A second address: 55E0D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55E0D74 second address: 55E0D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09B9 second address: 55F09BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09BD second address: 55F09C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09C3 second address: 55F09C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09C9 second address: 55F09CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09CD second address: 55F09D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F09D1 second address: 55F0A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F450CC4AB20h 0x0000000e push eax 0x0000000f pushad 0x00000010 call 00007F450CC4AB21h 0x00000015 jmp 00007F450CC4AB20h 0x0000001a pop esi 0x0000001b pushfd 0x0000001c jmp 00007F450CC4AB1Bh 0x00000021 xor esi, 3ECFC08Eh 0x00000027 jmp 00007F450CC4AB29h 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0A42 second address: 55F0A55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0A55 second address: 55F0A9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F450CC4AB1Eh 0x00000010 xchg eax, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 call 00007F450CC4AB1Dh 0x00000019 pop eax 0x0000001a mov ebx, 0F64E074h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0A9A second address: 55F0AB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A60Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F450CC4A60Bh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0AB9 second address: 55F0B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop edi 0x00000006 popad 0x00000007 mov di, si 0x0000000a popad 0x0000000b mov esi, dword ptr [ebp+0Ch] 0x0000000e jmp 00007F450CC4AB26h 0x00000013 test esi, esi 0x00000015 jmp 00007F450CC4AB20h 0x0000001a je 00007F457D0E83DEh 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F450CC4AB27h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0B0E second address: 55F0B41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4A619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AF459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F450CC4A60Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0B41 second address: 55F0B9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F450CC4AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F457D100457h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F450CC4AB23h 0x00000016 jmp 00007F450CC4AB23h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F450CC4AB25h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0B9E second address: 55F0BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4A612h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0BBB second address: 55F0BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0BC1 second address: 55F0BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F0BC5 second address: 55F0BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F450CC4AB24h 0x00000010 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E53277 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CA608E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E6442E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EE184C instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA80CB rdtsc 0_2_00CA80CB
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4052 Thread sleep time: -180000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3252 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005FA3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000003.2268418527.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271416754.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270544673.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271288090.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270318248.00000000016DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2119556889.0000000005FA3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2119556889.0000000005F9E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA80CB rdtsc 0_2_00CA80CB
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8B480 LdrInitializeThunk, 0_2_00C8B480
Source: file.exe, file.exe, 00000000.00000002.2270770149.0000000000E37000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: file.exe, 00000000.00000003.2227003028.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2213166476.0000000001743000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2270461946.0000000001759000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271651117.0000000001759000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.walletm
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPbox Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPRush Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Searches for user specific document files
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\JDDHMPCDUJ Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\JDDHMPCDUJ Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: 00000000.00000003.2183576461.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183284410.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2155738862.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184825039.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183365042.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183995653.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183909532.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184609958.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2084573871.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183070027.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184342033.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2120532040.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2182875665.000000000173E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184473776.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2156261014.0000000001745000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183708520.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184119723.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184213865.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183174320.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183492043.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2184688562.000000000173E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2183790933.000000000173F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 2876, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1571961 Sample: file.exe Startdate: 09/12/2024 Architecture: WINDOWS Score: 100 10 atten-supporse.biz 2->10 14 Suricata IDS alerts for network traffic 2->14 16 Found malware configuration 2->16 18 Antivirus detection for URL or domain 2->18 20 8 other signatures 2->20 6 file.exe 2->6         started        signatures3 process4 dnsIp5 12 atten-supporse.biz 104.21.48.1, 443, 49704, 49705 CLOUDFLARENETUS United States 6->12 22 Detected unpacking (changes PE section rights) 6->22 24 Query firmware table information (likely to detect VMs) 6->24 26 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->26 28 9 other signatures 6->28 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.48.1
 atten-supporse.biz United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
atten-supporse.biz 104.21.48.1 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
dare-curbys.biz false
    		high
    impend-differ.biz false
      		high
      covery-mover.biz false
        		high
        https://atten-supporse.biz/api false
          		high
          dwell-exclaim.biz false
            		high
            zinc-sneark.biz false
              		high
              formy-spill.biz false
                		high
                atten-supporse.biz false
                  		high
                  se-blurry.biz false
                    		high
                    print-vexer.biz false
                      		high