Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1572006
MD5: 52868af74ee73e05662d437482d99489
SHA1: ee9cf98060ceebf880c722a87745601ca856fd30
SHA256: fd853a7428efb478e0fed242b3a4dc8fbb704e52a91dfabb4297bb2c4cc19d22
Tags: exeuser-Bitsight
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: https://atten-supporse.biz/p( Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiye; Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/8/ Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/Cg3 Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/(/ Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/X/ Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api5 Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiuG Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/Uidlye; Avira URL Cloud: Label: malware
Found malware configuration
Source: file.exe.3944.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "atten-supporse.biz", "formy-spill.biz", "zinc-sneark.biz", "print-vexer.biz", "dwell-exclaim.biz", "se-blurry.biz", "dare-curbys.biz", "covery-mover.biz"], "Build id": "LOGS11--LiveTraffic"}
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: impend-differ.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: print-vexer.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: dare-curbys.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: covery-mover.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: formy-spill.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: zinc-sneark.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: se-blurry.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: atten-supporse.biz
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.2034627716.0000000005540000.00000004.00001000.00020000.00000000.sdmp String decryptor: LOGS11--LiveTraffic
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D76B7E CryptUnprotectData, 0_2_00D76B7E
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49710 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h] 0_2_00D86170
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_00D6C36E
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h] 0_2_00D8C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_00D8C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h] 0_2_00D8C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h] 0_2_00D8C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh 0_2_00D9E690
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h] 0_2_00D6A960
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edx], bl 0_2_00D6CE55
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h 0_2_00D9DBD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00D69CC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh 0_2_00D9DCF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_00D77E82
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah] 0_2_00D8BFDA
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah] 0_2_00D8BFD3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00D8A060
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh] 0_2_00D85F7D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h 0_2_00D6C274
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00D82270
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00D945F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00D886F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp al, 2Eh 0_2_00D866E7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h 0_2_00D8A630
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00D80717
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_00D80717
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00D886F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 0_2_00D8AAD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00D9CAC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [ecx+esi] 0_2_00D62B70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2] 0_2_00D96B20
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00D9CCE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00D9CD60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00D76E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_00D76E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h 0_2_00D7CEA5
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00D9CE00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ebx, 03h 0_2_00D88F5D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h 0_2_00D74F08
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, edx 0_2_00D74F08
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00D7D087
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00D8D085
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00D8D085
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00D7D074
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00D77190
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch] 0_2_00D892D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ebx 0_2_00D892D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [00DA4284h] 0_2_00D85230
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_00D8B3DE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_00D8B3DE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, bx 0_2_00D8536C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_00D87307
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_00D8B4BB
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 0_2_00D67470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 0_2_00D67470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00D8B475
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h] 0_2_00D896D8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch] 0_2_00D87653
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00D7597D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, eax 0_2_00D65910
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebp, eax 0_2_00D65910
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh] 0_2_00D76E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_00D76E97
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h 0_2_00D85920
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], cl 0_2_00D75ADC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h 0_2_00D79C10
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh] 0_2_00D75EE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00D81EE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h 0_2_00D9DFB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh] 0_2_00D85F7D

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:60747 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49704 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49707 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49709 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49706 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49716 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49705 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49708 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49710 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49707 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49710 -> 104.21.80.1:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: impend-differ.biz
Source: Malware configuration extractor URLs: atten-supporse.biz
Source: Malware configuration extractor URLs: formy-spill.biz
Source: Malware configuration extractor URLs: zinc-sneark.biz
Source: Malware configuration extractor URLs: print-vexer.biz
Source: Malware configuration extractor URLs: dwell-exclaim.biz
Source: Malware configuration extractor URLs: se-blurry.biz
Source: Malware configuration extractor URLs: dare-curbys.biz
Source: Malware configuration extractor URLs: covery-mover.biz
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.80.1:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=DDHQPF21IJA7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12805Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Q3PW8LXT5YT0RLDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15065Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Q6XCM8Q5QSJ159QUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20555Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=C4UKFQXE8KUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1217Host: atten-supporse.biz
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3JSBVCBAMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 570231Host: atten-supporse.biz
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.2080931138.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058959258.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237778517.00000000019AA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081779151.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156812212.000000000195D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236118925.00000000019A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081424148.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2132681260.0000000001999000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoftyo;
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.2133528567.000000000607A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2132681260.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237383660.0000000001941000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081424148.0000000001960000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.000000000195F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080931138.000000000195D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/
Source: file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/(/
Source: file.exe, 00000000.00000003.2106519599.000000000195F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz//
Source: file.exe, 00000000.00000003.2106519599.000000000195F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/8/
Source: file.exe, 00000000.00000003.2080931138.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081779151.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081424148.0000000001999000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.0000000001999000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/Cg3
Source: file.exe, 00000000.00000003.2233473496.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179552864.00000000019C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237946464.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2183926336.00000000019BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2196984088.00000000019C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/Uidlye;
Source: file.exe, 00000000.00000002.2237700583.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/X/
Source: file.exe, 00000000.00000003.2197033683.00000000019D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237279551.00000000018EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2159575392.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2132681260.000000000195D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156812212.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2132681260.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2235929559.0000000001941000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2059041267.0000000001944000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237383660.0000000001941000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2159595354.00000000019C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237700583.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080931138.000000000195D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.2132681260.000000000195D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api.
Source: file.exe, 00000000.00000002.2237279551.00000000018EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api5
Source: file.exe, 00000000.00000003.2235929559.0000000001941000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237383660.0000000001941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apie
Source: file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237700583.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apim
Source: file.exe, 00000000.00000003.2235929559.0000000001941000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237383660.0000000001941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apis
Source: file.exe, 00000000.00000003.2156812212.00000000019B7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apiuG
Source: file.exe, 00000000.00000003.2159875964.00000000019CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2159575392.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156812212.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2132681260.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2159595354.00000000019C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apiye;
Source: file.exe, 00000000.00000002.2237700583.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/p(
Source: file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/api
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000003.2135403681.0000000006068000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2081545065.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081356190.0000000006089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2135079342.0000000006173000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49710 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D86170 0_2_00D86170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6E2A9 0_2_00D6E2A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8C6D7 0_2_00D8C6D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9E690 0_2_00D9E690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D687F0 0_2_00D687F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6A960 0_2_00D6A960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D76B7E 0_2_00D76B7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96C40 0_2_00D96C40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D70FD6 0_2_00D70FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96F90 0_2_00D96F90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D833A0 0_2_00D833A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D815F0 0_2_00D815F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D697B0 0_2_00D697B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D99B90 0_2_00D99B90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9DCF0 0_2_00D9DCF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8BFDA 0_2_00D8BFDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8BFD3 0_2_00D8BFD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D980D9 0_2_00D980D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E240E5 0_2_00E240E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBE0E1 0_2_00EBE0E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB60FC 0_2_00EB60FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E320D7 0_2_00E320D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAE0D3 0_2_00EAE0D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA00AC 0_2_00EA00AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED60A7 0_2_00ED60A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB20BC 0_2_00EB20BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D880B0 0_2_00D880B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6A096 0_2_00E6A096
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC6099 0_2_00EC6099
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCE0A3 0_2_00DCE0A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5A06B 0_2_00E5A06B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1C076 0_2_00E1C076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3C074 0_2_00E3C074
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF2046 0_2_00DF2046
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC6077 0_2_00DC6077
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6E06A 0_2_00D6E06A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D85F7D 0_2_00D85F7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1205C 0_2_00E1205C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5C029 0_2_00E5C029
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDA009 0_2_00DDA009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9A030 0_2_00D9A030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3601F 0_2_00E3601F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E161E6 0_2_00E161E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D901D0 0_2_00D901D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2E1EC 0_2_00E2E1EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC61FA 0_2_00EC61FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF61C3 0_2_00DF61C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE1F8 0_2_00DDE1F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E401C1 0_2_00E401C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D681F0 0_2_00D681F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA81CD 0_2_00EA81CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFC1F4 0_2_00DFC1F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4E1D7 0_2_00E4E1D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA61D0 0_2_00EA61D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9E1D5 0_2_00E9E1D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E201BE 0_2_00E201BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3819C 0_2_00E3819C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDC156 0_2_00DDC156
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5E140 0_2_00E5E140
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8E140 0_2_00E8E140
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7C157 0_2_00E7C157
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E72152 0_2_00E72152
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDA158 0_2_00EDA158
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8A100 0_2_00D8A100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2610C 0_2_00E2610C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE8131 0_2_00DE8131
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA2119 0_2_00EA2119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD2129 0_2_00DD2129
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3E118 0_2_00E3E118
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDC2FC 0_2_00EDC2FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3A2F1 0_2_00E3A2F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9C2EF 0_2_00F9C2EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9E2C0 0_2_00D9E2C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E962F2 0_2_00E962F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC82CF 0_2_00EC82CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD02F9 0_2_00DD02F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7E2A2 0_2_00E7E2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E602AF 0_2_00E602AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB42A0 0_2_00EB42A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4629D 0_2_00E4629D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE82A4 0_2_00DE82A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB626B 0_2_00EB626B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1E263 0_2_00E1E263
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E62262 0_2_00E62262
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0A269 0_2_00E0A269
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0261 0_2_00EC0261
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E54241 0_2_00E54241
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D64270 0_2_00D64270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D82270 0_2_00D82270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D66200 0_2_00D66200
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E82230 0_2_00E82230
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0023A 0_2_00E0023A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE0234 0_2_00EE0234
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBC230 0_2_00EBC230
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2423E 0_2_00E2423E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E14209 0_2_00E14209
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4220F 0_2_00E4220F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9821B 0_2_00E9821B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8C3EE 0_2_00E8C3EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1C3E6 0_2_00E1C3E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E943F8 0_2_00E943F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1A3F2 0_2_00E1A3F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E883CB 0_2_00E883CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E583C2 0_2_00E583C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9A3F0 0_2_00D9A3F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7A3C9 0_2_00E7A3C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E303A1 0_2_00E303A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA43BD 0_2_00EA43BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC2386 0_2_00EC2386
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECC386 0_2_00ECC386
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7838C 0_2_00E7838C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3636A 0_2_00E3636A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCC357 0_2_00DCC357
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E52369 0_2_00E52369
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1037D 0_2_00E1037D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E34346 0_2_00E34346
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7C360 0_2_00D7C360
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E08358 0_2_00E08358
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED0355 0_2_00ED0355
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3C331 0_2_00E3C331
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80331 0_2_00E80331
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2233C 0_2_00E2233C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2830A 0_2_00E2830A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1C301 0_2_00F1C301
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB24FA 0_2_00EB24FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFA4C0 0_2_00DFA4C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC64F6 0_2_00DC64F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4E4CF 0_2_00E4E4CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8E4C5 0_2_00E8E4C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC84E4 0_2_00DC84E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA04AB 0_2_00EA04AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE2495 0_2_00DE2495
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5A49C 0_2_00E5A49C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4C49F 0_2_00E4C49F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAC44B 0_2_00EAC44B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEE477 0_2_00DEE477
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD4467 0_2_00DD4467
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCE409 0_2_00DCE409
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE0408 0_2_00DE0408
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEA439 0_2_00DEA439
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96430 0_2_00D96430
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F345F9 0_2_00F345F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDA5E7 0_2_00EDA5E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E025F8 0_2_00E025F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6A5C9 0_2_00E6A5C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E405D0 0_2_00E405D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECE5AA 0_2_00ECE5AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF458E 0_2_00DF458E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF658D 0_2_00DF658D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8A59C 0_2_00E8A59C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3059B 0_2_00E3059B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDE56D 0_2_00EDE56D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC656F 0_2_00EC656F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8656C 0_2_00E8656C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8256F 0_2_00E8256F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE6556 0_2_00DE6556
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9857B 0_2_00E9857B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D76571 0_2_00D76571
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E32553 0_2_00E32553
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA8558 0_2_00EA8558
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5E552 0_2_00E5E552
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9252D 0_2_00E9252D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDA503 0_2_00DDA503
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0E50A 0_2_00E0E50A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD252F 0_2_00DD252F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E52519 0_2_00E52519
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2251D 0_2_00E2251D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED06E2 0_2_00ED06E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEC6FD 0_2_00DEC6FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD06F2 0_2_00DD06F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E306D6 0_2_00E306D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE06D9 0_2_00EE06D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E586DC 0_2_00E586DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB06D7 0_2_00EB06D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D866E7 0_2_00D866E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D66690 0_2_00D66690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0A6A7 0_2_00E0A6A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96690 0_2_00D96690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E866B1 0_2_00E866B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E68692 0_2_00E68692
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE865A 0_2_00DE865A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E54670 0_2_00E54670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E96676 0_2_00E96676
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D72670 0_2_00D72670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9C64C 0_2_00F9C64C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E24658 0_2_00E24658
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4E626 0_2_00E4E626
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E62631 0_2_00E62631
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6630 0_2_00ED6630
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7E60E 0_2_00E7E60E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5660E 0_2_00E5660E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBA606 0_2_00EBA606
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA4617 0_2_00EA4617
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC27EA 0_2_00EC27EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E747F4 0_2_00E747F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE07C8 0_2_00DE07C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9A7F7 0_2_00E9A7F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E107CE 0_2_00E107CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4A7CB 0_2_00E4A7CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E767D2 0_2_00E767D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC47D6 0_2_00EC47D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD47BC 0_2_00DD47BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E70786 0_2_00E70786
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECC78A 0_2_00ECC78A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D767A5 0_2_00D767A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6C793 0_2_00E6C793
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E36763 0_2_00E36763
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0876D 0_2_00E0876D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3476E 0_2_00E3476E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5677B 0_2_00E5677B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC074C 0_2_00EC074C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E40740 0_2_00E40740
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E44757 0_2_00E44757
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAE759 0_2_00EAE759
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3A75B 0_2_00E3A75B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D80717 0_2_00D80717
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC870E 0_2_00DC870E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEA70D 0_2_00DEA70D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDC738 0_2_00EDC738
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D78731 0_2_00D78731
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC48D9 0_2_00DC48D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E488EF 0_2_00E488EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF28C7 0_2_00DF28C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2C8EB 0_2_00F2C8EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5A8C0 0_2_00E5A8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED28C0 0_2_00ED28C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE899 0_2_00DDE899
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6E8B5 0_2_00E6E8B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA48B1 0_2_00EA48B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0C8BC 0_2_00E0C8BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80889 0_2_00E80889
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E88887 0_2_00E88887
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDE862 0_2_00EDE862
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E94851 0_2_00E94851
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1A85B 0_2_00E1A85B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E12821 0_2_00E12821
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE481C 0_2_00DE481C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5C833 0_2_00E5C833
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1E83D 0_2_00E1E83D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E18803 0_2_00E18803
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2E809 0_2_00E2E809
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8C805 0_2_00E8C805
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDC82F 0_2_00DDC82F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFE827 0_2_00DFE827
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9C811 0_2_00E9C811
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E78818 0_2_00E78818
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDE9D1 0_2_00DDE9D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF09EF 0_2_00DF09EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E869D0 0_2_00E869D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8E9AD 0_2_00E8E9AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D68990 0_2_00D68990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E149AF 0_2_00E149AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7E9B9 0_2_00E7E9B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEC9BB 0_2_00DEC9BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB895A 0_2_00DB895A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E98976 0_2_00E98976
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECE949 0_2_00ECE949
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8297F 0_2_00D8297F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5E94E 0_2_00E5E94E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEE971 0_2_00DEE971
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF496F 0_2_00DF496F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB8959 0_2_00EB8959
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3294D 0_2_00F3294D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7A92B 0_2_00E7A92B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFA908 0_2_00DFA908
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E00911 0_2_00E00911
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2C913 0_2_00E2C913
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB2915 0_2_00EB2915
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED0AEE 0_2_00ED0AEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFCACA 0_2_00DFCACA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9CAC0 0_2_00D9CAC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E38AFF 0_2_00E38AFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBAACA 0_2_00EBAACA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E62AC5 0_2_00E62AC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E30AC8 0_2_00E30AC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF6AF2 0_2_00DF6AF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5AAC8 0_2_00E5AAC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3CAD5 0_2_00E3CAD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA2AAB 0_2_00EA2AAB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB0ABB 0_2_00EB0ABB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E58AB6 0_2_00E58AB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBCA89 0_2_00EBCA89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E00A89 0_2_00E00A89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE2AAE 0_2_00DE2AAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E54A97 0_2_00E54A97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7CA9F 0_2_00E7CA9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E34A98 0_2_00E34A98
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E36A63 0_2_00E36A63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D6CA54 0_2_00D6CA54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD6A55 0_2_00DD6A55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E96A66 0_2_00E96A66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D74A40 0_2_00D74A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE8A6F 0_2_00DE8A6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB4A5A 0_2_00EB4A5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECAA50 0_2_00ECAA50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E24A23 0_2_00E24A23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E92A21 0_2_00E92A21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDAA0D 0_2_00DDAA0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6A3E 0_2_00ED6A3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E64A3B 0_2_00E64A3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E46A00 0_2_00E46A00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC6A35 0_2_00DC6A35
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC2BEE 0_2_00EC2BEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E18BEA 0_2_00E18BEA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E52BC4 0_2_00E52BC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0ABCA 0_2_00E0ABCA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E08BCF 0_2_00E08BCF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2CBD8 0_2_00E2CBD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2EBBB 0_2_00E2EBBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD2BAF 0_2_00DD2BAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E76B93 0_2_00E76B93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0B99 0_2_00EC0B99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D64BA0 0_2_00D64BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80B61 0_2_00E80B61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB2B62 0_2_00EB2B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7CB5A 0_2_00D7CB5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6AB77 0_2_00E6AB77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA4B72 0_2_00EA4B72
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1EB49 0_2_00E1EB49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E78B4D 0_2_00E78B4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E74B4C 0_2_00E74B4C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD8B17 0_2_00DD8B17
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E68B28 0_2_00E68B28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9AB27 0_2_00E9AB27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2AB33 0_2_00E2AB33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAAB3D 0_2_00EAAB3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEAB30 0_2_00DEAB30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE6B2E 0_2_00DE6B2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E42B11 0_2_00E42B11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DECCDA 0_2_00DECCDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D82CF8 0_2_00D82CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E10CC6 0_2_00E10CC6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7ACD7 0_2_00E7ACD7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E48CD6 0_2_00E48CD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E40CD3 0_2_00E40CD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9CCE0 0_2_00D9CCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8CCAB 0_2_00E8CCAB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EACCAD 0_2_00EACCAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5ECB6 0_2_00E5ECB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7ECB2 0_2_00E7ECB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF6CBB 0_2_00DF6CBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5AC80 0_2_00E5AC80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E70C81 0_2_00E70C81
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDEC80 0_2_00EDEC80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E3EC92 0_2_00E3EC92
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1AC9F 0_2_00E1AC9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE4C59 0_2_00DE4C59
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6C61 0_2_00ED6C61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D94C4D 0_2_00D94C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E50C78 0_2_00E50C78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E72C4E 0_2_00E72C4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E90C45 0_2_00E90C45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCAC69 0_2_00DCAC69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF2C69 0_2_00DF2C69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFEC64 0_2_00DFEC64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D78C1E 0_2_00D78C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E84C31 0_2_00E84C31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5CC05 0_2_00E5CC05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC2C3B 0_2_00DC2C3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED8C1C 0_2_00ED8C1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECEC1E 0_2_00ECEC1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E94C1C 0_2_00E94C1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD6DDB 0_2_00DD6DDB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7EDFE 0_2_00E7EDFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCADE8 0_2_00DCADE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCED9E 0_2_00DCED9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBEDA2 0_2_00EBEDA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDCD97 0_2_00DDCD97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDCDB9 0_2_00EDCDB9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8ADB4 0_2_00E8ADB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA8D82 0_2_00EA8D82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCCDB7 0_2_00DCCDB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBAD9C 0_2_00EBAD9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEED5E 0_2_00DEED5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E88D69 0_2_00E88D69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E24D68 0_2_00E24D68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFAD4F 0_2_00DFAD4F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE0D47 0_2_00DE0D47
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB8D76 0_2_00EB8D76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6CD79 0_2_00E6CD79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D84D70 0_2_00D84D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDED74 0_2_00DDED74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9CD60 0_2_00D9CD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E96D2D 0_2_00E96D2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E22D03 0_2_00E22D03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0ED04 0_2_00E0ED04
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9CD00 0_2_00E9CD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E82D04 0_2_00E82D04
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECAD10 0_2_00ECAD10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E18EF3 0_2_00E18EF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9AEF3 0_2_00E9AEF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC6EF1 0_2_00EC6EF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E74EF9 0_2_00E74EF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D76E97 0_2_00D76E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB4EAA 0_2_00EB4EAA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6EEA2 0_2_00E6EEA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E64EBE 0_2_00E64EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D86EBE 0_2_00D86EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E96E9A 0_2_00E96E9A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D62EA0 0_2_00D62EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED2E9B 0_2_00ED2E9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF6EA2 0_2_00DF6EA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFEE43 0_2_00DFEE43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7AE78 0_2_00E7AE78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0AE4B 0_2_00E0AE4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E44E4A 0_2_00E44E4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E02E57 0_2_00E02E57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E62E5F 0_2_00E62E5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDAE1D 0_2_00DDAE1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBCE27 0_2_00EBCE27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7AE00 0_2_00D7AE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9CE00 0_2_00D9CE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E32E02 0_2_00E32E02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD0E3E 0_2_00DD0E3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E38E1A 0_2_00E38E1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD2FC5 0_2_00DD2FC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDEFCE 0_2_00EDEFCE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE0FD5 0_2_00EE0FD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA4FD4 0_2_00EA4FD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E00FAA 0_2_00E00FAA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4AF84 0_2_00E4AF84
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4EF8B 0_2_00E4EF8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D78FAD 0_2_00D78FAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD8FA0 0_2_00DD8FA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D88F5D 0_2_00D88F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF0F5A 0_2_00DF0F5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF8F56 0_2_00DF8F56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB6F64 0_2_00EB6F64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E28F77 0_2_00E28F77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E68F7F 0_2_00E68F7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC6F47 0_2_00DC6F47
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6AF4A 0_2_00E6AF4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE2F6D 0_2_00DE2F6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC4F14 0_2_00DC4F14
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD4F0D 0_2_00DD4F0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F30F21 0_2_00F30F21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAAF32 0_2_00EAAF32
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E52F39 0_2_00E52F39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D74F08 0_2_00D74F08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E58F05 0_2_00E58F05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7EF30 0_2_00D7EF30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E46F0E 0_2_00E46F0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E26F0D 0_2_00E26F0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB10C3 0_2_00EB10C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8D0D8 0_2_00E8D0D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8D085 0_2_00D8D085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAF0B4 0_2_00EAF0B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC1058 0_2_00DC1058
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E81063 0_2_00E81063
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0907A 0_2_00E0907A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED9077 0_2_00ED9077
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1F040 0_2_00E1F040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E43040 0_2_00E43040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8904C 0_2_00E8904C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D69070 0_2_00D69070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1D052 0_2_00E1D052
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2F051 0_2_00E2F051
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E49057 0_2_00E49057
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9D053 0_2_00E9D053
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6D038 0_2_00E6D038
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DCF038 0_2_00DCF038
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DFB022 0_2_00DFB022
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5D1EC 0_2_00E5D1EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E351ED 0_2_00E351ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E731F1 0_2_00E731F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC31FD 0_2_00DC31FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1F1D1 0_2_00E1F1D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E611DF 0_2_00E611DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D77190 0_2_00D77190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD118F 0_2_00DD118F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0D1BD 0_2_00E0D1BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAD1B7 0_2_00EAD1B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DD71B6 0_2_00DD71B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8F185 0_2_00E8F185
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB3198 0_2_00EB3198
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC119B 0_2_00EC119B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E95195 0_2_00E95195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E17162 0_2_00E17162
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E13166 0_2_00E13166
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EAB17A 0_2_00EAB17A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6717D 0_2_00E6717D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDB142 0_2_00DDB142
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED9147 0_2_00ED9147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC9177 0_2_00DC9177
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DDF170 0_2_00DDF170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBB152 0_2_00EBB152
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0515E 0_2_00E0515E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E1B126 0_2_00E1B126
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2112E 0_2_00E2112E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF510C 0_2_00DF510C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E11105 0_2_00E11105
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9110F 0_2_00E9110F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2B100 0_2_00F2B100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E4111D 0_2_00E4111D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0F11B 0_2_00E0F11B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9F116 0_2_00E9F116
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DC92D9 0_2_00DC92D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E572E2 0_2_00E572E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D892D0 0_2_00D892D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7D2D1 0_2_00E7D2D1
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00D74A30 appears 76 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00D68000 appears 55 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9975940743944637
Source: file.exe Static PE information: Section: beewzkou ZLIB complexity 0.994259854752191
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D90A6C CoCreateInstance, 0_2_00D90A6C
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe, 00000000.00000003.2081690867.0000000006074000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106981627.0000000006086000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082173898.0000000006055000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1858048 > 1048576
Source: file.exe Static PE information: Raw size of beewzkou is bigger than: 0x100000 < 0x19da00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.d60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1d3039 should be: 0x1d353a
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: beewzkou
Source: file.exe Static PE information: section name: avotpigk
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB9C85 push ebx; mov dword ptr [esp], 18955365h 0_2_00DBA2D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC0D8 push eax; mov dword ptr [esp], 5778CBA3h 0_2_00DBC96A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAE0F0 push 66943CFDh; mov dword ptr [esp], edi 0_2_00FAE0FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC0E2 push eax; mov dword ptr [esp], ecx 0_2_00DBC132
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC0E2 push 00771965h; mov dword ptr [esp], eax 0_2_00DBC9D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC082 push edi; mov dword ptr [esp], 157F563Ch 0_2_00DBC093
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC082 push eax; mov dword ptr [esp], esp 0_2_00DBCFBD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC082 push edi; mov dword ptr [esp], ecx 0_2_00DBDC99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E162 push eax; mov dword ptr [esp], 60186B77h 0_2_0104E1A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E162 push esi; mov dword ptr [esp], ebx 0_2_0104E25A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E162 push edx; mov dword ptr [esp], 7637C081h 0_2_0104E277
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E162 push ecx; mov dword ptr [esp], 05A4014Bh 0_2_0104E2A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBC0B5 push 05610E66h; mov dword ptr [esp], eax 0_2_00DBC0CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F80059 push ebx; ret 0_2_00F80068
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB8059 push edi; mov dword ptr [esp], edx 0_2_00FB807E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAA03C push ecx; mov dword ptr [esp], esi 0_2_00FAA05B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DBE00D push 0562658Dh; mov dword ptr [esp], eax 0_2_00DBE01F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9801F push 4C717000h; mov dword ptr [esp], esi 0_2_00E980E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9801F push ebp; mov dword ptr [esp], 42957610h 0_2_00E9815A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9801F push ecx; mov dword ptr [esp], ebx 0_2_00E98165
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2E1EC push eax; mov dword ptr [esp], edi 0_2_00E2E64A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2E1EC push 500F1B00h; mov dword ptr [esp], edi 0_2_00E2E757
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB81FB push ecx; mov dword ptr [esp], 08B11086h 0_2_00DB8203
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB81FB push esi; mov dword ptr [esp], 3BFE113Ch 0_2_00DB820E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101202E push edi; mov dword ptr [esp], esi 0_2_01012061
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101202E push ecx; mov dword ptr [esp], ebx 0_2_010120A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA61C0 push esi; mov dword ptr [esp], esp 0_2_00FA6280
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE41A0 push ebx; mov dword ptr [esp], 13B619B9h 0_2_00FE41B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFE1A0 push 52C460DFh; mov dword ptr [esp], esp 0_2_00FFE232
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01024068 push eax; mov dword ptr [esp], 38B79261h 0_2_01024095
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6A182 push eax; mov dword ptr [esp], 7028B000h 0_2_00F6A7D6
Source: file.exe Static PE information: section name: entropy: 7.978482515372212
Source: file.exe Static PE information: section name: beewzkou entropy: 7.9535775684603935

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation Jump to behavior
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB917A second address: DB9184 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB9184 second address: DB91A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB91A4 second address: DB91A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB91A8 second address: DB91B2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB8A03 second address: DB8A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F392B6 second address: F392C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB391Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F392C8 second address: F392CD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3827D second address: F3828B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3828B second address: F38292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F383D5 second address: F383DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F383DB second address: F383EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jnp 00007FD714BB0746h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F383EF second address: F383F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F383F4 second address: F383FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F383FA second address: F3843C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD714BB3916h 0x0000000a popad 0x0000000b jmp 00007FD714BB391Ah 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FD714BB3935h 0x0000001a jg 00007FD714BB3916h 0x00000020 jmp 00007FD714BB3929h 0x00000025 push eax 0x00000026 pushad 0x00000027 popad 0x00000028 pop eax 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3843C second address: F38448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD714BB0746h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F386FF second address: F3870C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FD714BB3916h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3899C second address: F389DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD714BB0753h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d jmp 00007FD714BB0757h 0x00000012 push edx 0x00000013 jmp 00007FD714BB074Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C679 second address: F3C680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C680 second address: F3C6A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0755h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C6A3 second address: F3C6AD instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD714BB391Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C702 second address: F3C729 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FD714BB0751h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FD714BB074Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C729 second address: F3C764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007FD714BB3918h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 push 00000000h 0x00000023 mov ch, 98h 0x00000025 call 00007FD714BB3919h 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C764 second address: F3C768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C768 second address: F3C76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C76E second address: F3C7A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD714BB0755h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 js 00007FD714BB0758h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C7A7 second address: F3C7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C7AB second address: F3C7AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C7AF second address: F3C7C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 pushad 0x0000000a jp 00007FD714BB3916h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C7C6 second address: F3C829 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jns 00007FD714BB0754h 0x00000011 pop eax 0x00000012 and cx, 4C08h 0x00000017 push 00000003h 0x00000019 sub dword ptr [ebp+12455565h], eax 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push edx 0x00000024 call 00007FD714BB0748h 0x00000029 pop edx 0x0000002a mov dword ptr [esp+04h], edx 0x0000002e add dword ptr [esp+04h], 0000001Ah 0x00000036 inc edx 0x00000037 push edx 0x00000038 ret 0x00000039 pop edx 0x0000003a ret 0x0000003b push 00000003h 0x0000003d mov dword ptr [ebp+122D1A6Bh], esi 0x00000043 push FDAD38C5h 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C829 second address: F3C842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB3924h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C9D4 second address: F3C9F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007FD714BB0750h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C9F5 second address: F3C9FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3C9FA second address: F3CA37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 xor esi, 3910CFF9h 0x0000000f push 00000003h 0x00000011 or edi, 00938781h 0x00000017 push 00000000h 0x00000019 js 00007FD714BB074Ch 0x0000001f or ecx, dword ptr [ebp+122D2A10h] 0x00000025 push 00000003h 0x00000027 and esi, 5481F2D7h 0x0000002d push 5FD68B0Ah 0x00000032 jnp 00007FD714BB0750h 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3CA37 second address: F3CAA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 602974F6h 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FD714BB3918h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D30D0h], edx 0x0000002c mov ecx, dword ptr [ebp+122D2A74h] 0x00000032 lea ebx, dword ptr [ebp+12457570h] 0x00000038 mov dword ptr [ebp+122D2C6Fh], ebx 0x0000003e xchg eax, ebx 0x0000003f pushad 0x00000040 jnl 00007FD714BB392Ch 0x00000046 push ecx 0x00000047 jnc 00007FD714BB3916h 0x0000004d pop ecx 0x0000004e popad 0x0000004f push eax 0x00000050 pushad 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F59932 second address: F59938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F59D45 second address: F59D81 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD714BB3916h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jmp 00007FD714BB3925h 0x00000012 pop edi 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 js 00007FD714BB3916h 0x0000001d jmp 00007FD714BB391Eh 0x00000022 pop eax 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F59D81 second address: F59D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A056 second address: F5A062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007FD714BB3916h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A481 second address: F5A490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jne 00007FD714BB0746h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A490 second address: F5A49D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A49D second address: F5A4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A4A3 second address: F5A4BD instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007FD714BB3916h 0x00000011 pushad 0x00000012 popad 0x00000013 je 00007FD714BB3916h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A4BD second address: F5A4C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD714BB0746h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5A659 second address: F5A688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD714BB391Dh 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FD714BB3929h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5AAB5 second address: F5AABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5AABA second address: F5AAC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F51211 second address: F51222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007FD714BB0746h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2860A second address: F2861F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2861F second address: F28629 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD714BB074Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5B890 second address: F5B89A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD714BB3916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5B89A second address: F5B89E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5B89E second address: F5B8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5E6A3 second address: F5E6A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6084E second address: F60854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F60854 second address: F60859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F60859 second address: F6086D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB3920h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6086D second address: F6087A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F66569 second address: F66572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F66572 second address: F66576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F65E34 second address: F65E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F65E3A second address: F65E57 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FD714BB074Fh 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F65E57 second address: F65E85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FD714BB3928h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F65E85 second address: F65E8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F66147 second address: F6614B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F66403 second address: F66409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F69160 second address: F69183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB3929h 0x00000009 jnc 00007FD714BB3916h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DA99 second address: F6DA9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DB9C second address: F6DBA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FD714BB3916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DBA6 second address: F6DBAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DCF6 second address: F6DD08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b je 00007FD714BB3916h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DEFE second address: F6DF04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6DF04 second address: F6DF08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6E1A3 second address: F6E1C9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD714BB0748h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD714BB0757h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6E659 second address: F6E65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6E844 second address: F6E848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6E848 second address: F6E84E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6EC9C second address: F6ECA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6ECA2 second address: F6ECD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FD714BB3918h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jl 00007FD714BB391Ch 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6ECD8 second address: F6ECDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6ECDC second address: F6ECED instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD714BB3918h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6F1BF second address: F6F1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6F1C3 second address: F6F1E5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FD714BB391Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007FD714BB391Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6FB88 second address: F6FBA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0750h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F757C5 second address: F757CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F703BB second address: F703CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FD714BB074Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F77D3F second address: F77D4B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F79989 second address: F7998F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7998F second address: F79995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F79995 second address: F79A27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FD714BB0748h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 and si, 4F04h 0x0000002a jc 00007FD714BB074Ah 0x00000030 push esi 0x00000031 push edi 0x00000032 pop esi 0x00000033 pop esi 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push esi 0x00000039 call 00007FD714BB0748h 0x0000003e pop esi 0x0000003f mov dword ptr [esp+04h], esi 0x00000043 add dword ptr [esp+04h], 0000001Bh 0x0000004b inc esi 0x0000004c push esi 0x0000004d ret 0x0000004e pop esi 0x0000004f ret 0x00000050 jmp 00007FD714BB0756h 0x00000055 mov esi, dword ptr [ebp+122D2814h] 0x0000005b push 00000000h 0x0000005d push edx 0x0000005e or edi, 6005D757h 0x00000064 pop edi 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push ebx 0x00000069 jnl 00007FD714BB0746h 0x0000006f pop ebx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7608A second address: F76096 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F76B6A second address: F76B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78C42 second address: F78C48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78C48 second address: F78C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7BF06 second address: F7BF63 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD714BB3918h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 mov dword ptr [ebp+122D189Ch], ebx 0x00000016 mov esi, dword ptr [ebp+122D2A80h] 0x0000001c popad 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 mov di, 3D00h 0x00000024 pop edi 0x00000025 push 00000000h 0x00000027 mov bh, 06h 0x00000029 xchg eax, esi 0x0000002a pushad 0x0000002b jng 00007FD714BB391Ch 0x00000031 jns 00007FD714BB3916h 0x00000037 pushad 0x00000038 jmp 00007FD714BB391Bh 0x0000003d jmp 00007FD714BB3922h 0x00000042 popad 0x00000043 popad 0x00000044 push eax 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78C4C second address: F78C5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78C5A second address: F78C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78C61 second address: F78C66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7CE7A second address: F7CF20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jmp 00007FD714BB391Ah 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D2C85h], edi 0x00000012 push edi 0x00000013 jno 00007FD714BB3917h 0x00000019 pop edi 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007FD714BB3918h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 mov ebx, esi 0x00000038 mov dword ptr [ebp+122D30D0h], ecx 0x0000003e mov edi, dword ptr [ebp+122D19FBh] 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push edi 0x00000049 call 00007FD714BB3918h 0x0000004e pop edi 0x0000004f mov dword ptr [esp+04h], edi 0x00000053 add dword ptr [esp+04h], 0000001Ah 0x0000005b inc edi 0x0000005c push edi 0x0000005d ret 0x0000005e pop edi 0x0000005f ret 0x00000060 push ecx 0x00000061 ja 00007FD714BB392Eh 0x00000067 pop edi 0x00000068 xchg eax, esi 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FD714BB391Dh 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7CF20 second address: F7CF48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FD714BB0748h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7A1A4 second address: F7A1AE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7C087 second address: F7C08C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7E205 second address: F7E20B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7A1AE second address: F7A1C0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD714BB0748h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7F06D second address: F7F08A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD714BB3928h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7C08C second address: F7C132 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD714BB0748h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FD714BB0748h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D1903h], esi 0x0000002d mov dword ptr [ebp+122D2C6Fh], edi 0x00000033 push dword ptr fs:[00000000h] 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007FD714BB0748h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 0000001Bh 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 mov dword ptr fs:[00000000h], esp 0x0000005b mov bx, di 0x0000005e mov eax, dword ptr [ebp+122D0CDDh] 0x00000064 push ecx 0x00000065 movzx ebx, di 0x00000068 pop ebx 0x00000069 push FFFFFFFFh 0x0000006b call 00007FD714BB0753h 0x00000070 push edx 0x00000071 mov bx, si 0x00000074 pop ebx 0x00000075 pop ebx 0x00000076 mov ebx, dword ptr [ebp+122D2950h] 0x0000007c nop 0x0000007d jl 00007FD714BB0752h 0x00000083 jbe 00007FD714BB074Ch 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7A1C0 second address: F7A1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7A1C7 second address: F7A1CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7FF8F second address: F7FF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7FF94 second address: F7FFA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F81018 second address: F8101C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8101C second address: F8105A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 add edi, dword ptr [ebp+122D288Ch] 0x0000000e push 00000000h 0x00000010 sub dword ptr [ebp+12482452h], esi 0x00000016 mov ebx, ecx 0x00000018 push 00000000h 0x0000001a jmp 00007FD714BB0757h 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FD714BB074Ah 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F82E1E second address: F82EBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FD714BB3918h 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FD714BB3918h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D2CD7h], esi 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+12475408h], edx 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FD714BB3918h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000017h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 jc 00007FD714BB391Ch 0x0000005a mov dword ptr [ebp+122D313Bh], edx 0x00000060 xchg eax, esi 0x00000061 jmp 00007FD714BB3926h 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FD714BB3929h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F82EBE second address: F82ED3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F7F1FD second address: F7F207 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD714BB391Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F80172 second address: F80228 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD714BB0752h 0x0000000f nop 0x00000010 pushad 0x00000011 push esi 0x00000012 jmp 00007FD714BB0757h 0x00000017 pop ebx 0x00000018 mov esi, ecx 0x0000001a popad 0x0000001b push dword ptr fs:[00000000h] 0x00000022 mov edi, dword ptr [ebp+12457E6Bh] 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov ebx, dword ptr [ebp+122D29CCh] 0x00000035 mov eax, dword ptr [ebp+122D0561h] 0x0000003b jo 00007FD714BB074Ch 0x00000041 mov edi, dword ptr [ebp+122D28A0h] 0x00000047 push FFFFFFFFh 0x00000049 add bx, 6026h 0x0000004e nop 0x0000004f pushad 0x00000050 pushad 0x00000051 jmp 00007FD714BB0757h 0x00000056 push ebx 0x00000057 pop ebx 0x00000058 popad 0x00000059 push ecx 0x0000005a jmp 00007FD714BB0750h 0x0000005f pop ecx 0x00000060 popad 0x00000061 push eax 0x00000062 js 00007FD714BB0767h 0x00000068 push eax 0x00000069 push edx 0x0000006a ja 00007FD714BB0746h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F83EA3 second address: F83EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F83EA7 second address: F83F60 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD714BB074Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FD714BB0758h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FD714BB0748h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b pushad 0x0000002c push ecx 0x0000002d sub bx, DB70h 0x00000032 pop esi 0x00000033 jmp 00007FD714BB074Fh 0x00000038 popad 0x00000039 push 00000000h 0x0000003b mov edi, 7668CE66h 0x00000040 mov di, dx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push edi 0x00000048 call 00007FD714BB0748h 0x0000004d pop edi 0x0000004e mov dword ptr [esp+04h], edi 0x00000052 add dword ptr [esp+04h], 0000001Ch 0x0000005a inc edi 0x0000005b push edi 0x0000005c ret 0x0000005d pop edi 0x0000005e ret 0x0000005f xchg eax, esi 0x00000060 jmp 00007FD714BB0751h 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FD714BB0754h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F83F60 second address: F83F65 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F84FA7 second address: F84FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F84FAB second address: F84FAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F84FAF second address: F84FB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F84FB5 second address: F84FCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F85E9C second address: F85EA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F85EA0 second address: F85ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD714BB3929h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FD714BB391Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F85ECF second address: F85F17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a and edi, 2AE620A2h 0x00000010 push 00000000h 0x00000012 mov bx, di 0x00000015 push 00000000h 0x00000017 mov edi, 6EBB181Ah 0x0000001c xchg eax, esi 0x0000001d jmp 00007FD714BB0758h 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jnp 00007FD714BB0748h 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F89113 second address: F8914F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FD714BB3927h 0x00000013 jnp 00007FD714BB3916h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8914F second address: F891B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007FD714BB0746h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, eax 0x0000000f push 00000000h 0x00000011 sub dword ptr [ebp+122D2C62h], edx 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FD714BB0748h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 mov ebx, 4554F195h 0x00000038 xchg eax, esi 0x00000039 jmp 00007FD714BB0757h 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 jp 00007FD714BB0746h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8B020 second address: F8B033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92B6A second address: F92B9B instructions: 0x00000000 rdtsc 0x00000002 je 00007FD714BB0767h 0x00000008 jmp 00007FD714BB074Dh 0x0000000d jmp 00007FD714BB0754h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92D0F second address: F92D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92D13 second address: F92D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9302A second address: F93032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F93032 second address: F93038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F85141 second address: F85145 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F85145 second address: F851CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 mov dword ptr [ebp+1245646Ch], esi 0x0000000e push dword ptr fs:[00000000h] 0x00000015 pushad 0x00000016 jne 00007FD714BB0746h 0x0000001c sbb edi, 55E78161h 0x00000022 popad 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a mov ebx, edi 0x0000002c mov eax, dword ptr [ebp+122D0019h] 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007FD714BB0748h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c mov ebx, dword ptr [ebp+122D19DEh] 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push ecx 0x00000057 call 00007FD714BB0748h 0x0000005c pop ecx 0x0000005d mov dword ptr [esp+04h], ecx 0x00000061 add dword ptr [esp+04h], 00000018h 0x00000069 inc ecx 0x0000006a push ecx 0x0000006b ret 0x0000006c pop ecx 0x0000006d ret 0x0000006e mov di, 7282h 0x00000072 movsx ebx, si 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 jnl 00007FD714BB0748h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F87112 second address: F871B9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FD714BB3918h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d or dword ptr [ebp+122D3097h], edx 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FD714BB3918h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 call 00007FD714BB3928h 0x00000059 push ebx 0x0000005a jno 00007FD714BB3916h 0x00000060 pop edi 0x00000061 pop ebx 0x00000062 mov eax, dword ptr [ebp+122D0A35h] 0x00000068 mov edi, dword ptr [ebp+122D2F4Ah] 0x0000006e push FFFFFFFFh 0x00000070 nop 0x00000071 jg 00007FD714BB3924h 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a push esi 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8815A second address: F88164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FD714BB0746h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F871B9 second address: F871BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F893B8 second address: F893BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8B356 second address: F8B361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD714BB3916h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F871BE second address: F871C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD714BB074Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F88164 second address: F881FF instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FD714BB3918h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 mov edi, ecx 0x00000029 mov bl, 78h 0x0000002b push dword ptr fs:[00000000h] 0x00000032 add edi, 126C6C1Fh 0x00000038 mov edi, 46D2311Ah 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 push 00000000h 0x00000046 push esi 0x00000047 call 00007FD714BB3918h 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], esi 0x00000051 add dword ptr [esp+04h], 0000001Ah 0x00000059 inc esi 0x0000005a push esi 0x0000005b ret 0x0000005c pop esi 0x0000005d ret 0x0000005e mov edi, ecx 0x00000060 mov eax, dword ptr [ebp+122D02BDh] 0x00000066 add dword ptr [ebp+1247B3E3h], ecx 0x0000006c push FFFFFFFFh 0x0000006e jmp 00007FD714BB3924h 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 push ecx 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8407D second address: F840F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0755h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov dword ptr [esp], eax 0x0000000d push edx 0x0000000e sub dword ptr [ebp+1247B3E3h], ecx 0x00000014 pop edi 0x00000015 push dword ptr fs:[00000000h] 0x0000001c jnp 00007FD714BB074Ch 0x00000022 add edi, 138B28A0h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f jmp 00007FD714BB0759h 0x00000034 mov eax, dword ptr [ebp+122D0D11h] 0x0000003a clc 0x0000003b push FFFFFFFFh 0x0000003d mov dword ptr [ebp+122D2EEDh], ebx 0x00000043 nop 0x00000044 pushad 0x00000045 jmp 00007FD714BB074Bh 0x0000004a push eax 0x0000004b push edx 0x0000004c jc 00007FD714BB0746h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F881FF second address: F88204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F88204 second address: F88222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0753h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F988DA second address: F988F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD714BB391Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F989B7 second address: F989DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b jno 00007FD714BB0748h 0x00000011 pop esi 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F98AA8 second address: F98AE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 jmp 00007FD714BB3922h 0x0000000e pop edi 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FD714BB3929h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F98AE5 second address: F98AEF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F98AEF second address: F98B1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007FD714BB3916h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 jmp 00007FD714BB3928h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 pushad 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F98B1F second address: F98B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F98B28 second address: DB8A03 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 jmp 00007FD714BB3921h 0x0000000d push dword ptr [ebp+122D0345h] 0x00000013 jmp 00007FD714BB3928h 0x00000018 call dword ptr [ebp+122D1AF0h] 0x0000001e pushad 0x0000001f xor dword ptr [ebp+122D30D0h], esi 0x00000025 xor eax, eax 0x00000027 mov dword ptr [ebp+122D2ED5h], esi 0x0000002d xor dword ptr [ebp+122D2ED5h], ebx 0x00000033 mov edx, dword ptr [esp+28h] 0x00000037 pushad 0x00000038 stc 0x00000039 mov eax, ecx 0x0000003b popad 0x0000003c mov dword ptr [ebp+122D281Ch], eax 0x00000042 pushad 0x00000043 mov edx, 032E1A26h 0x00000048 and edx, 6AAE6200h 0x0000004e popad 0x0000004f mov esi, 0000003Ch 0x00000054 xor dword ptr [ebp+122D30D0h], ebx 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e jmp 00007FD714BB3920h 0x00000063 lodsw 0x00000065 jg 00007FD714BB392Dh 0x0000006b add eax, dword ptr [esp+24h] 0x0000006f jmp 00007FD714BB391Ah 0x00000074 mov ebx, dword ptr [esp+24h] 0x00000078 pushad 0x00000079 mov bh, 08h 0x0000007b mov cx, E6C3h 0x0000007f popad 0x00000080 nop 0x00000081 pushad 0x00000082 ja 00007FD714BB391Ch 0x00000088 push eax 0x00000089 push edx 0x0000008a push edi 0x0000008b pop edi 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F30A62 second address: F30A75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F30A75 second address: F30A7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9C98D second address: F9C998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD714BB0746h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9C998 second address: F9C99D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9C99D second address: F9C9B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB0753h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9CB05 second address: F9CB0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9CB0A second address: F9CB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD714BB0746h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FD714BB0746h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9D0A8 second address: F9D0B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jo 00007FD714BB391Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9D0B9 second address: F9D0C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9D0C1 second address: F9D0C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9D0C5 second address: F9D0E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB074Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FD714BB0746h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F9D233 second address: F9D244 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007FD714BB3916h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA294D second address: FA295A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push esi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA187E second address: FA188D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA19EA second address: FA19F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1DF2 second address: FA1DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA1439 second address: FA146B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FD714BB0759h 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jg 00007FD714BB0746h 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA146B second address: FA1477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA209D second address: FA20A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA20A1 second address: FA20DD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD714BB3922h 0x0000000c jmp 00007FD714BB3927h 0x00000011 push edx 0x00000012 pop edx 0x00000013 jnl 00007FD714BB3916h 0x00000019 popad 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6ADDC second address: F6AE06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 jns 00007FD714BB074Ch 0x0000000f lea eax, dword ptr [ebp+12485BBDh] 0x00000015 mov edi, 298C534Ah 0x0000001a nop 0x0000001b jc 00007FD714BB075Dh 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6AE06 second address: F51211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB391Fh 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FD714BB3920h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007FD714BB3918h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b pushad 0x0000002c or dword ptr [ebp+122D1BAAh], ecx 0x00000032 jmp 00007FD714BB3921h 0x00000037 popad 0x00000038 call dword ptr [ebp+122D2BE9h] 0x0000003e push eax 0x0000003f push edx 0x00000040 push ebx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6AF1D second address: F6AF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD714BB0746h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B06A second address: F6B06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B308 second address: F6B313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD714BB0746h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B313 second address: F6B325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B4BA second address: F6B4E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push edx 0x0000000e js 00007FD714BB0748h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B618 second address: F6B61D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B61D second address: F6B62A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B62A second address: F6B62E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B62E second address: F6B660 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD714BB0746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b xchg eax, esi 0x0000000c jmp 00007FD714BB0758h 0x00000011 nop 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD714BB074Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B778 second address: F6B77E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B77E second address: F6B782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6B782 second address: F6B7A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FD714BB391Dh 0x00000014 jnc 00007FD714BB3916h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BD67 second address: F6BDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 movsx edi, bx 0x0000000b push 0000001Eh 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FD714BB0748h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov edi, ecx 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jns 00007FD714BB074Ch 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6C053 second address: F6C066 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6C0E7 second address: F6C147 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 ja 00007FD714BB0746h 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FD714BB0748h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c xor dx, F3FDh 0x00000031 pushad 0x00000032 cld 0x00000033 jmp 00007FD714BB0755h 0x00000038 popad 0x00000039 lea eax, dword ptr [ebp+12485C01h] 0x0000003f mov dword ptr [ebp+122D2E7Fh], ecx 0x00000045 nop 0x00000046 pushad 0x00000047 pushad 0x00000048 pushad 0x00000049 popad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6C147 second address: F51D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007FD714BB3916h 0x0000000c jno 00007FD714BB3916h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FD714BB3921h 0x0000001a nop 0x0000001b mov ecx, dword ptr [ebp+122D2D3Bh] 0x00000021 lea eax, dword ptr [ebp+12485BBDh] 0x00000027 sub ecx, 0BC85EF5h 0x0000002d jmp 00007FD714BB3928h 0x00000032 nop 0x00000033 push edx 0x00000034 jmp 00007FD714BB3923h 0x00000039 pop edx 0x0000003a push eax 0x0000003b jp 00007FD714BB391Eh 0x00000041 js 00007FD714BB3918h 0x00000047 nop 0x00000048 push 00000000h 0x0000004a push ebx 0x0000004b call 00007FD714BB3918h 0x00000050 pop ebx 0x00000051 mov dword ptr [esp+04h], ebx 0x00000055 add dword ptr [esp+04h], 00000017h 0x0000005d inc ebx 0x0000005e push ebx 0x0000005f ret 0x00000060 pop ebx 0x00000061 ret 0x00000062 cmc 0x00000063 call 00007FD714BB3925h 0x00000068 push ebx 0x00000069 pop ecx 0x0000006a pop ecx 0x0000006b call dword ptr [ebp+12455571h] 0x00000071 push ecx 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA60ED second address: FA6110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD714BB0754h 0x0000000a jne 00007FD714BB0746h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA6438 second address: FA6448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD714BB391Ch 0x0000000a jnl 00007FD714BB3916h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA6448 second address: FA644D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA65B8 second address: FA65CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007FD714BB391Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA65CC second address: FA65FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Eh 0x00000007 jnp 00007FD714BB0746h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jl 00007FD714BB0746h 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f jnp 00007FD714BB0746h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA65FA second address: FA65FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA65FE second address: FA6609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FA6866 second address: FA6872 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD714BB3916h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FAE5AB second address: FAE5C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD714BB0756h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FAE5C7 second address: FAE5CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB2678 second address: FB2691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jmp 00007FD714BB074Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB2691 second address: FB2695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB2695 second address: FB26AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD714BB0750h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB26AD second address: FB26B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB281F second address: FB2825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB294F second address: FB2971 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD714BB3926h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB2971 second address: FB2975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB2AF4 second address: FB2B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3922h 0x00000007 jmp 00007FD714BB391Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jng 00007FD714BB3916h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB3AA5 second address: FB3AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB3AAB second address: FB3AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB3AB0 second address: FB3AC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD714BB074Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB55BB second address: FB55CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB391Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB55CA second address: FB55CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB55CE second address: FB55D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB55D4 second address: FB55E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FD714BB074Eh 0x0000000c ja 00007FD714BB0746h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB55E8 second address: FB55F4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB837F second address: FB8383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB8383 second address: FB838D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB838D second address: FB83AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007FD714BB0754h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB83AB second address: FB83B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C0D second address: FB7C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C1C second address: FB7C22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C22 second address: FB7C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C2B second address: FB7C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C31 second address: FB7C35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C35 second address: FB7C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7C3B second address: FB7C4F instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD714BB074Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB7DAC second address: FB7DB2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FB80A0 second address: FB80AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBF6BC second address: FBF6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBF837 second address: FBF843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD714BB0746h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBF843 second address: FBF852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 js 00007FD714BB3916h 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBF852 second address: FBF857 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBFAEC second address: FBFAF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBFAF0 second address: FBFAF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBFAF8 second address: FBFAFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FBFAFE second address: FBFB04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BB6E second address: F6BB72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BB72 second address: F6BBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007FD714BB0754h 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D5763h], eax 0x00000014 mov dword ptr [ebp+122D2B89h], eax 0x0000001a mov ebx, dword ptr [ebp+12485BFCh] 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007FD714BB0748h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a stc 0x0000003b add dword ptr [ebp+122D2B0Dh], eax 0x00000041 add eax, ebx 0x00000043 sub cx, D9D5h 0x00000048 nop 0x00000049 jmp 00007FD714BB074Eh 0x0000004e push eax 0x0000004f push ecx 0x00000050 push ebx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BBE7 second address: F6BC10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 nop 0x00000007 movzx ecx, di 0x0000000a push 00000004h 0x0000000c call 00007FD714BB391Ah 0x00000011 mov dword ptr [ebp+122D24C6h], ecx 0x00000017 pop edi 0x00000018 mov ecx, dword ptr [ebp+122D2A40h] 0x0000001e nop 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BC10 second address: F6BC14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BC14 second address: F6BC1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BC1D second address: F6BC2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FD714BB0746h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BC2D second address: F6BC46 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD714BB3921h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6BC46 second address: F6BC4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC096D second address: FC0971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC0971 second address: FC0977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC39A3 second address: FC39A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC3133 second address: FC3157 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FD714BB0746h 0x00000009 push edx 0x0000000a pop edx 0x0000000b ja 00007FD714BB0746h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 jbe 00007FD714BB0746h 0x0000001d jg 00007FD714BB0746h 0x00000023 pop esi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC3157 second address: FC316A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD714BB391Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC3426 second address: FC3430 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD714BB074Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC7686 second address: FC768B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC768B second address: FC7690 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC7690 second address: FC76A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB3920h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC76A9 second address: FC76AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FC76AD second address: FC76B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCF551 second address: FCF555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCD49D second address: FCD4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD714BB391Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCD4AC second address: FCD4B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCD761 second address: FCD773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007FD714BB3918h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCD773 second address: FCD779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDA5B second address: FCDA61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDA61 second address: FCDA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD2F second address: FCDD53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnc 00007FD714BB3916h 0x0000000d jmp 00007FD714BB3926h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD53 second address: FCDD59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD59 second address: FCDD5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD5D second address: FCDD61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD61 second address: FCDD6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCDD6C second address: FCDD8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD714BB0746h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jbe 00007FD714BB074Eh 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCE9F4 second address: FCE9FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCF264 second address: FCF26E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FCF26E second address: FCF274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FD3D6F second address: FD3D7F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jp 00007FD714BB0746h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BB24 second address: F2BB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BB28 second address: F2BB3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0752h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BB3E second address: F2BB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BB4A second address: F2BB4F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2BB4F second address: F2BB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jno 00007FD714BB3916h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FD339D second address: FD33B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD714BB0750h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FD33B3 second address: FD33B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FD33B7 second address: FD33BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF5D1 second address: FDF5E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB3924h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF5E9 second address: FDF5F5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD714BB074Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF733 second address: FDF742 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD714BB3916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF742 second address: FDF75A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 jl 00007FD714BB074Ch 0x0000000f je 00007FD714BB0746h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF9EE second address: FDFA19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jo 00007FD714BB391Ch 0x00000014 jc 00007FD714BB3916h 0x0000001a popad 0x0000001b jp 00007FD714BB3924h 0x00000021 jbe 00007FD714BB391Eh 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFB76 second address: FDFB7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFB7A second address: FDFB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFCFC second address: FDFD18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD714BB0751h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFD18 second address: FDFD2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007FD714BB3916h 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFD2D second address: FDFD34 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDFE98 second address: FDFEC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnp 00007FD714BB391Eh 0x00000013 push eax 0x00000014 pop eax 0x00000015 jnc 00007FD714BB3916h 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 jp 00007FD714BB3916h 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE002E second address: FE0034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE01A0 second address: FE01D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FD714BB391Bh 0x0000000a je 00007FD714BB3916h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD714BB3921h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE01D0 second address: FE01D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE01D6 second address: FE01E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD714BB3916h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE039A second address: FE03B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007FD714BB0746h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e jo 00007FD714BB0746h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDF155 second address: FDF15C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9F26 second address: FE9F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9F2C second address: FE9F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9A7A second address: FE9AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD714BB0758h 0x00000009 push edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edi 0x0000000d pushad 0x0000000e jmp 00007FD714BB0751h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9AB2 second address: FE9AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9AB6 second address: FE9ACB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FD714BB0746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007FD714BB0746h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9ACB second address: FE9AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FD714BB391Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE9C3E second address: FE9C44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF693C second address: FF6958 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3928h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF64F3 second address: FF64F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF64F9 second address: FF6503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF6503 second address: FF6507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF6507 second address: FF6553 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3920h 0x00000007 jmp 00007FD714BB391Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ja 00007FD714BB3924h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD714BB3925h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD65F second address: FFD66C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD714BB0746h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD66C second address: FFD678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007FD714BB3916h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD678 second address: FFD67C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD67C second address: FFD699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD714BB3923h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD699 second address: FFD69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD69D second address: FFD6C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jbe 00007FD714BB3916h 0x00000013 jmp 00007FD714BB391Fh 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD810 second address: FFD814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFD814 second address: FFD81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100210C second address: 1002123 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD714BB0752h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1013437 second address: 1013441 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD714BB391Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1011EA9 second address: 1011EAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1011EAD second address: 1011EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD714BB3918h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1012177 second address: 101217C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10122D1 second address: 10122D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101262D second address: 1012643 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Ah 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1012643 second address: 101264B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101264B second address: 1012654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1012654 second address: 1012658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101311F second address: 1013123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10163E0 second address: 10163EA instructions: 0x00000000 rdtsc 0x00000002 je 00007FD714BB3922h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10163EA second address: 10163F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10160C4 second address: 10160D8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD714BB391Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10160D8 second address: 10160DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1023FF7 second address: 1023FFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1023FFF second address: 1024003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029EEB second address: 1029EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD714BB3916h 0x0000000a popad 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1020BEB second address: 1020C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD714BB0746h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FD714BB0746h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1020C00 second address: 1020C09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1020C09 second address: 1020C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD714BB0746h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036A61 second address: 1036A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036A69 second address: 1036A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036A6D second address: 1036A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD714BB3921h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036A86 second address: 1036A8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10368A5 second address: 10368A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10368A9 second address: 10368D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD714BB0757h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10368D1 second address: 10368D7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1038A09 second address: 1038A0E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1038A0E second address: 1038A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104DEB8 second address: 104DEBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CDF2 second address: 104CDF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CDF6 second address: 104CE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD714BB0750h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CF6D second address: 104CF73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CF73 second address: 104CF8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jmp 00007FD714BB0752h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CF8C second address: 104CFAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 jmp 00007FD714BB3926h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104DA0F second address: 104DA13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104DA13 second address: 104DA19 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104DBC7 second address: 104DBEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FD714BB074Ah 0x00000012 push edx 0x00000013 pop edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pushad 0x00000017 push edi 0x00000018 pop edi 0x00000019 push esi 0x0000001a pop esi 0x0000001b je 00007FD714BB0746h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104DBEE second address: 104DBF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F4F4 second address: 104F501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FD714BB0746h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105208F second address: 10520A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FD714BB3918h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10520A0 second address: 10520B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB0751h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10520B5 second address: 10520ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jp 00007FD714BB3925h 0x00000012 jmp 00007FD714BB391Fh 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FD714BB3923h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1053B8D second address: 1053B91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B0338 second address: 56B033E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B033E second address: 56B0342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B0342 second address: 56B0363 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD714BB391Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B0363 second address: 56B0367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B0367 second address: 56B036D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B036D second address: 56B037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB074Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B037C second address: 56B038B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B038B second address: 56B038F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B038F second address: 56B039D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B039D second address: 56B03E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB0751h 0x00000009 sub esi, 13EF9E26h 0x0000000f jmp 00007FD714BB0751h 0x00000014 popfd 0x00000015 call 00007FD714BB0750h 0x0000001a pop esi 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B03E6 second address: 56B0400 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B0475 second address: 56B04AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB0757h 0x00000009 sbb al, FFFFFF8Eh 0x0000000c jmp 00007FD714BB0759h 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B04AF second address: 56B04D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD714BB3926h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B04D1 second address: 56B04D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56B04D5 second address: 56B04DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D06D3 second address: 56D06D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D06D9 second address: 56D06DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D06DF second address: 56D06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D06E3 second address: 56D0705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0705 second address: 56D076E instructions: 0x00000000 rdtsc 0x00000002 call 00007FD714BB0758h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FD714BB0757h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FD714BB074Bh 0x0000001b or esi, 52A88A7Eh 0x00000021 jmp 00007FD714BB0759h 0x00000026 popfd 0x00000027 mov edi, eax 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D076E second address: 56D0788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 movzx esi, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD714BB391Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0788 second address: 56D079E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D079E second address: 56D07A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D07A2 second address: 56D07A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D07A8 second address: 56D0835 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD714BB3928h 0x00000008 mov ch, E2h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f mov eax, 3A0AC249h 0x00000014 mov cx, 3A05h 0x00000018 popad 0x00000019 xchg eax, ecx 0x0000001a jmp 00007FD714BB3920h 0x0000001f xchg eax, esi 0x00000020 jmp 00007FD714BB3920h 0x00000025 push eax 0x00000026 jmp 00007FD714BB391Bh 0x0000002b xchg eax, esi 0x0000002c jmp 00007FD714BB3926h 0x00000031 lea eax, dword ptr [ebp-04h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FD714BB3927h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0835 second address: 56D083B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D083B second address: 56D083F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D08DD second address: 56D08E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0984 second address: 56D098A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D098A second address: 56D098E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D098E second address: 56D09AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD714BB3922h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D09AB second address: 56D0049 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b mov dh, al 0x0000000d pushfd 0x0000000e jmp 00007FD714BB0751h 0x00000013 sbb cl, FFFFFFB6h 0x00000016 jmp 00007FD714BB0751h 0x0000001b popfd 0x0000001c popad 0x0000001d retn 0004h 0x00000020 nop 0x00000021 sub esp, 04h 0x00000024 xor ebx, ebx 0x00000026 cmp eax, 00000000h 0x00000029 je 00007FD714BB0893h 0x0000002f xor eax, eax 0x00000031 mov dword ptr [esp], 00000000h 0x00000038 mov dword ptr [esp+04h], 00000000h 0x00000040 call 00007FD7194EECDBh 0x00000045 mov edi, edi 0x00000047 pushad 0x00000048 pushfd 0x00000049 jmp 00007FD714BB074Ch 0x0000004e sbb esi, 31207DE8h 0x00000054 jmp 00007FD714BB074Bh 0x00000059 popfd 0x0000005a mov ebx, eax 0x0000005c popad 0x0000005d xchg eax, ebp 0x0000005e jmp 00007FD714BB0752h 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007FD714BB074Eh 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0049 second address: 56D004F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D004F second address: 56D007D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007FD714BB0753h 0x00000014 pop ecx 0x00000015 push edi 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D007D second address: 56D00D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3922h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov edx, esi 0x0000000e mov ch, F8h 0x00000010 popad 0x00000011 push FFFFFFFEh 0x00000013 pushad 0x00000014 mov dx, 9026h 0x00000018 call 00007FD714BB3927h 0x0000001d mov dh, al 0x0000001f pop edx 0x00000020 popad 0x00000021 call 00007FD714BB3919h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FD714BB391Ah 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D00D4 second address: 56D00D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D00D8 second address: 56D00DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D00DE second address: 56D0101 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD714BB074Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0101 second address: 56D0135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FD714BB3929h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0135 second address: 56D0139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0139 second address: 56D0153 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0153 second address: 56D017C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD714BB0754h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D017C second address: 56D01D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD714BB3924h 0x00000011 or ecx, 351948D8h 0x00000017 jmp 00007FD714BB391Bh 0x0000001c popfd 0x0000001d mov bh, ch 0x0000001f popad 0x00000020 push 0E22348Ah 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FD714BB3927h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D01D5 second address: 56D01F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 00B2235Ah 0x00000008 call 00007FD714BB074Bh 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xor dword ptr [esp], 7B8B1FFAh 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D01F8 second address: 56D0201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, 142Dh 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0201 second address: 56D0249 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB0759h 0x00000009 sbb cl, 00000036h 0x0000000c jmp 00007FD714BB0751h 0x00000011 popfd 0x00000012 push esi 0x00000013 pop edi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr fs:[00000000h] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov dx, DDCAh 0x00000024 mov ax, dx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0249 second address: 56D0278 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 call 00007FD714BB3926h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD714BB391Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0278 second address: 56D02B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB0757h 0x00000009 sub cl, 0000002Eh 0x0000000c jmp 00007FD714BB0759h 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D02B2 second address: 56D02D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD714BB3923h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D02D1 second address: 56D0372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB074Fh 0x00000009 and ah, FFFFFFEEh 0x0000000c jmp 00007FD714BB0759h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 sub esp, 18h 0x00000018 pushad 0x00000019 push eax 0x0000001a pushfd 0x0000001b jmp 00007FD714BB074Fh 0x00000020 sbb eax, 41C053FEh 0x00000026 jmp 00007FD714BB0759h 0x0000002b popfd 0x0000002c pop ecx 0x0000002d mov esi, edi 0x0000002f popad 0x00000030 push esi 0x00000031 jmp 00007FD714BB0758h 0x00000036 mov dword ptr [esp], ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FD714BB0757h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0372 second address: 56D0378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0378 second address: 56D037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D037C second address: 56D03C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a mov edi, ecx 0x0000000c call 00007FD714BB3926h 0x00000011 mov di, ax 0x00000014 pop ecx 0x00000015 popad 0x00000016 mov dword ptr [esp], esi 0x00000019 jmp 00007FD714BB391Dh 0x0000001e xchg eax, edi 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FD714BB391Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D03C3 second address: 56D03C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D03C9 second address: 56D0439 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD714BB3926h 0x0000000e xchg eax, edi 0x0000000f jmp 00007FD714BB3920h 0x00000014 mov eax, dword ptr [75AF4538h] 0x00000019 jmp 00007FD714BB3920h 0x0000001e xor dword ptr [ebp-08h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FD714BB391Dh 0x0000002a sbb ah, 00000076h 0x0000002d jmp 00007FD714BB3921h 0x00000032 popfd 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0439 second address: 56D043E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D043E second address: 56D0457 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD714BB391Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0457 second address: 56D048B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0759h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov ax, 20D3h 0x0000000f mov ch, F7h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov bx, E872h 0x0000001a mov edi, 24C419BEh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D048B second address: 56D049A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D049A second address: 56D053F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007FD714BB0755h 0x0000000e lea eax, dword ptr [ebp-10h] 0x00000011 jmp 00007FD714BB074Eh 0x00000016 mov dword ptr fs:[00000000h], eax 0x0000001c pushad 0x0000001d mov cx, F33Dh 0x00000021 pushfd 0x00000022 jmp 00007FD714BB074Ah 0x00000027 or ax, 7D18h 0x0000002c jmp 00007FD714BB074Bh 0x00000031 popfd 0x00000032 popad 0x00000033 mov dword ptr [ebp-18h], esp 0x00000036 jmp 00007FD714BB0756h 0x0000003b mov eax, dword ptr fs:[00000018h] 0x00000041 jmp 00007FD714BB0750h 0x00000046 mov ecx, dword ptr [eax+00000FDCh] 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FD714BB0757h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D053F second address: 56D056D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD714BB391Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D056D second address: 56D05A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007FD714BB0798h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD714BB0758h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D05A4 second address: 56D05AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D05AA second address: 56D05EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b pushad 0x0000000c push ecx 0x0000000d mov esi, ebx 0x0000000f pop edx 0x00000010 jmp 00007FD714BB0756h 0x00000015 popad 0x00000016 mov ecx, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FD714BB074Ah 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D05EB second address: 56D05F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0262 second address: 56C02C1 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD714BB0758h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007FD714BB074Bh 0x00000010 sbb ch, FFFFFFBEh 0x00000013 jmp 00007FD714BB0759h 0x00000018 popfd 0x00000019 popad 0x0000001a push eax 0x0000001b jmp 00007FD714BB0751h 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C02C1 second address: 56C02C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C02C5 second address: 56C035B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007FD714BB0751h 0x0000000e sub esp, 2Ch 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FD714BB074Ch 0x00000018 add cx, D248h 0x0000001d jmp 00007FD714BB074Bh 0x00000022 popfd 0x00000023 call 00007FD714BB0758h 0x00000028 movzx esi, di 0x0000002b pop ebx 0x0000002c popad 0x0000002d xchg eax, ebx 0x0000002e pushad 0x0000002f jmp 00007FD714BB0758h 0x00000034 mov esi, 11889EA1h 0x00000039 popad 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e mov dl, ah 0x00000040 call 00007FD714BB0755h 0x00000045 pop esi 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C035B second address: 56C03C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b jmp 00007FD714BB3924h 0x00000010 xchg eax, edi 0x00000011 jmp 00007FD714BB3920h 0x00000016 push eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushfd 0x0000001b jmp 00007FD714BB3927h 0x00000020 xor ax, 2ABEh 0x00000025 jmp 00007FD714BB3929h 0x0000002a popfd 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C03C6 second address: 56C03DE instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 20DFD807h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a mov edx, 6C89E01Eh 0x0000000f pop edi 0x00000010 popad 0x00000011 xchg eax, edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C03DE second address: 56C03E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C03E2 second address: 56C03E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C03E6 second address: 56C03EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C03EC second address: 56C0405 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB0755h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0405 second address: 56C0409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C041D second address: 56C04B3 instructions: 0x00000000 rdtsc 0x00000002 mov bx, 2548h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushfd 0x00000009 jmp 00007FD714BB0751h 0x0000000e or esi, 309267B6h 0x00000014 jmp 00007FD714BB0751h 0x00000019 popfd 0x0000001a popad 0x0000001b sub ebx, ebx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FD714BB074Dh 0x00000024 and eax, 42BFF916h 0x0000002a jmp 00007FD714BB0751h 0x0000002f popfd 0x00000030 movzx eax, bx 0x00000033 popad 0x00000034 mov edi, 00000000h 0x00000039 jmp 00007FD714BB0758h 0x0000003e inc ebx 0x0000003f jmp 00007FD714BB0750h 0x00000044 test al, al 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C04B3 second address: 56C04B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C04B7 second address: 56C04BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0558 second address: 56C056A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C064F second address: 56C0673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB074Ch 0x00000009 or eax, 5E29B8E8h 0x0000000f jmp 00007FD714BB074Bh 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0673 second address: 56C068A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 lea eax, dword ptr [ebp-2Ch] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD714BB391Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C068A second address: 56C06DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB074Fh 0x00000009 sub al, FFFFFFDEh 0x0000000c jmp 00007FD714BB0759h 0x00000011 popfd 0x00000012 mov edi, eax 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD714BB0759h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C06DB second address: 56C06E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C06E1 second address: 56C0732 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD714BB0756h 0x0000000e xchg eax, esi 0x0000000f jmp 00007FD714BB0750h 0x00000014 nop 0x00000015 jmp 00007FD714BB0750h 0x0000001a push eax 0x0000001b pushad 0x0000001c pushad 0x0000001d mov edi, esi 0x0000001f popad 0x00000020 mov dl, cl 0x00000022 popad 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0732 second address: 56C0736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0736 second address: 56C0750 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0756h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0750 second address: 56C07CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD714BB3924h 0x00000011 and ax, 84B8h 0x00000016 jmp 00007FD714BB391Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FD714BB3928h 0x00000022 sbb esi, 0B8FBF18h 0x00000028 jmp 00007FD714BB391Bh 0x0000002d popfd 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FD714BB3924h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0847 second address: 56C084B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C084B second address: 56C0851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0851 second address: 56C0039 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB0754h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FD784F8E532h 0x0000000f xor eax, eax 0x00000011 jmp 00007FD714B89E7Ah 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e sub esp, 04h 0x00000021 mov edi, eax 0x00000023 xor ebx, ebx 0x00000025 cmp edi, 00000000h 0x00000028 je 00007FD714BB0854h 0x0000002e call 00007FD7194DEBA7h 0x00000033 mov edi, edi 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov dx, 4410h 0x0000003c pushfd 0x0000003d jmp 00007FD714BB0759h 0x00000042 xor al, FFFFFF96h 0x00000045 jmp 00007FD714BB0751h 0x0000004a popfd 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0039 second address: 56C0049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C015D second address: 56C01A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD714BB0757h 0x00000009 add al, 0000001Eh 0x0000000c jmp 00007FD714BB0759h 0x00000011 popfd 0x00000012 mov eax, 550D87E7h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C01A4 second address: 56C01A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C01A8 second address: 56C01AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C01AE second address: 56C01CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB391Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-04h], 55534552h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0D0D second address: 56C0D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0D13 second address: 56C0D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0D17 second address: 56C0D1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0D1B second address: 56C0D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [75AF459Ch], 05h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FD714BB391Dh 0x00000016 sub esi, 38367A26h 0x0000001c jmp 00007FD714BB3921h 0x00000021 popfd 0x00000022 movzx esi, bx 0x00000025 popad 0x00000026 je 00007FD784F815C0h 0x0000002c jmp 00007FD714BB3923h 0x00000031 pop ebp 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 mov edx, esi 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0DB0 second address: 56C0DBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0DBF second address: 56C0E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD714BB391Fh 0x00000008 mov ecx, 22FD5FEFh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push 08F266A3h 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FD714BB3921h 0x0000001c sub ecx, 14435E56h 0x00000022 jmp 00007FD714BB3921h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007FD714BB3920h 0x0000002e xor si, 0878h 0x00000033 jmp 00007FD714BB391Bh 0x00000038 popfd 0x00000039 popad 0x0000003a add dword ptr [esp], 6CBC3585h 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FD714BB3925h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56C0E4A second address: 56C0E5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB074Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D09F1 second address: 56D09F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D09F5 second address: 56D0A08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB074Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0A08 second address: 56D0A47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD714BB391Ch 0x00000011 sbb ah, 00000068h 0x00000014 jmp 00007FD714BB391Bh 0x00000019 popfd 0x0000001a push eax 0x0000001b push edx 0x0000001c mov al, FCh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0A47 second address: 56D0A8D instructions: 0x00000000 rdtsc 0x00000002 mov eax, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 mov bh, al 0x0000000b movsx edi, cx 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cx, bx 0x00000016 pushfd 0x00000017 jmp 00007FD714BB074Fh 0x0000001c sbb ax, 280Eh 0x00000021 jmp 00007FD714BB0759h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0A8D second address: 56D0AFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FD714BB3923h 0x0000000b adc ecx, 0835661Eh 0x00000011 jmp 00007FD714BB3929h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c jmp 00007FD714BB391Eh 0x00000021 xchg eax, esi 0x00000022 jmp 00007FD714BB3920h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FD714BB391Eh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0AFB second address: 56D0B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0B01 second address: 56D0B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e mov eax, edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0B11 second address: 56D0B3A instructions: 0x00000000 rdtsc 0x00000002 mov dl, 99h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov esi, dword ptr [ebp+0Ch] 0x0000000a jmp 00007FD714BB0754h 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov esi, 0F10167Fh 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0B3A second address: 56D0BBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 jmp 00007FD714BB391Ch 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007FD784F7117Eh 0x00000014 jmp 00007FD714BB3920h 0x00000019 cmp dword ptr [75AF459Ch], 05h 0x00000020 pushad 0x00000021 call 00007FD714BB391Eh 0x00000026 movzx ecx, dx 0x00000029 pop edi 0x0000002a movzx esi, bx 0x0000002d popad 0x0000002e je 00007FD784F8922Ah 0x00000034 pushad 0x00000035 mov eax, ebx 0x00000037 jmp 00007FD714BB3921h 0x0000003c popad 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f mov ebx, eax 0x00000041 mov bl, cl 0x00000043 popad 0x00000044 push eax 0x00000045 jmp 00007FD714BB3922h 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0BBF second address: 56D0BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0BC3 second address: 56D0BE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD714BB3929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0C97 second address: 56D0CFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 jmp 00007FD714BB074Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], esi 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FD714BB0754h 0x00000017 jmp 00007FD714BB0755h 0x0000001c popfd 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007FD714BB074Eh 0x00000025 xor ecx, 7B0E2C88h 0x0000002b jmp 00007FD714BB074Bh 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0D3B second address: 56D0D4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 65011619h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0D4D second address: 56D0D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0D51 second address: 56D0D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0D55 second address: 56D0D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0D5B second address: 56D0D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD714BB391Fh 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DB8969 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DB8A90 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DB896F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F5F5C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F8CB02 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: FEFFCD instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB81FB rdtsc 0_2_00DB81FB
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 6304 Thread sleep time: -180000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6304 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.2236497581.0000000000F43000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2058959258.0000000001963000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237279551.00000000018EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2196862230.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2156812212.000000000195D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2132681260.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081424148.0000000001960000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2106519599.000000000195F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237700583.0000000001961000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080931138.000000000195D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2105634776.00000000060AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2236497581.0000000000F43000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2105634776.00000000060A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB81FB rdtsc 0_2_00DB81FB
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9B480 LdrInitializeThunk, 0_2_00D9B480
Source: file.exe, file.exe, 00000000.00000002.2236497581.0000000000F43000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: \4Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: file.exe, 00000000.00000003.2183895613.00000000019DD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 3944, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Electrum\wallets
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/JAXX New Version
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: file.exe, 00000000.00000003.2159875964.00000000019CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
Source: file.exe, 00000000.00000003.2081424148.00000000019B7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance(
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
Source: file.exe, 00000000.00000003.2081779151.0000000001960000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2159893711.00000000019C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPbox Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPRush Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Searches for user specific document files
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\UNKRLCVOHV Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\UNKRLCVOHV Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: 00000000.00000003.2081424148.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2159575392.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2081779151.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2080931138.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2106519599.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2132681260.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2156812212.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2159595354.00000000019C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2132681260.0000000001961000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2156812212.000000000195D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2106519599.000000000195F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 3944, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 3944, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572006 Sample: file.exe Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 10 atten-supporse.biz 2->10 14 Suricata IDS alerts for network traffic 2->14 16 Found malware configuration 2->16 18 Antivirus detection for URL or domain 2->18 20 7 other signatures 2->20 6 file.exe 2->6         started        signatures3 process4 dnsIp5 12 atten-supporse.biz 104.21.80.1, 443, 49704, 49705 CLOUDFLARENETUS United States 6->12 22 Detected unpacking (changes PE section rights) 6->22 24 Query firmware table information (likely to detect VMs) 6->24 26 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->26 28 9 other signatures 6->28 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.80.1
 atten-supporse.biz United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
atten-supporse.biz 104.21.80.1 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
dare-curbys.biz false
    		high
    impend-differ.biz false
      		high
      dwell-exclaim.biz false
        		high
        zinc-sneark.biz false
          		high
          formy-spill.biz false
            		high
            se-blurry.biz false
              		high
              covery-mover.biz false
                		high
                https://atten-supporse.biz/api false
                  		high
                  atten-supporse.biz false
                    		high
                    print-vexer.biz false
                      		high